From patchwork Fri Mar 3 12:32:12 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Omkar Patil X-Patchwork-Id: 20389 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 356E4C64EC4 for ; Fri, 3 Mar 2023 12:32:36 +0000 (UTC) Received: from mail-pl1-f177.google.com (mail-pl1-f177.google.com [209.85.214.177]) by mx.groups.io with SMTP id smtpd.web10.21695.1677846750733156529 for ; Fri, 03 Mar 2023 04:32:30 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20210112 header.b=Do7159N7; spf=pass (domain: gmail.com, ip: 209.85.214.177, mailfrom: omkarpatil10.93@gmail.com) Received: by mail-pl1-f177.google.com with SMTP id ky4so2517424plb.3 for ; Fri, 03 Mar 2023 04:32:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; t=1677846750; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=5ihAvuAAcxLDVf0jxvYO98rj95sfrp0Q0pcprssuMD0=; b=Do7159N7fSWTEEInkmW6Nkz5F+scs7C4z6k8J+Axmy7MrlLBrzUdRJr41RlrFvJTYF gSncDpGkWHCe5LCBrBYZpW6E76CFLtFWc+vWJYjoLZQHq8jbP+qG3l3r5GBS2lx/7TsG e9Q/9/syddRoVZjGqzLvx36dc/NdRf1i4/hGM1UOSrSV2+JGT8ps2/1qpDTAa+GA/qMb qIjBrnxtXmXLRx5wCXFrsqWAFO0y1TjSZWeotLMZABtsB6r3giBeeIYlBTrhojJ0+yBf teLzal0TBwl/F11/ZYGB+bVJCSuU+E9sVg1xPBxeLF+84b4czsN8aWy6zWpEq64q7rPK trrg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1677846750; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=5ihAvuAAcxLDVf0jxvYO98rj95sfrp0Q0pcprssuMD0=; b=vUSOrCvt9cRU+7K1ww7A/+FpacU4bh9Ow+UqIWT9vedvtWM7vc1lDRokI4mtx4UXa7 /AyXX8Pp/NZ1sijkBE/h7JHl2ijZJnrKtBk2gpnIGiRSSlxX8DJQO5KD/x/J4M/elXJC QPY74Kwhf4fOQC8gRNf3LtcqClQmCP1u0lIgS957j951hv0tOxxMs863CzgbDJUvXZer xqozxbSauFAhtSdo6PPARE+tXvkAMS3sOD/t8ZgI5fmbO/MLrr+uUP91MOwy489Jjsyn ydQsEdiYcjYc69++NvzOFJ8NMYeW4FL6JBY4pnpdzsl/QntauSicpT/A6yrH7DHpPaiH 5fTg== X-Gm-Message-State: AO0yUKXMreahwKAZUbHK/eFX58iuWDmhcObO4IIo0weDzYI6kpVzMy65 wsh1CZjrlIfDIbuQqVWVanrerL9HlD4u/Q== X-Google-Smtp-Source: AK7set/fA9pWZui13T7nLHA/CcBpsdmRN4TsH/IWQlZYEHDHafVvG7XDIP4ZvwKfgFDfSw9fdzNqOw== X-Received: by 2002:a05:6a20:8417:b0:c7:1fff:fab7 with SMTP id c23-20020a056a20841700b000c71ffffab7mr2625910pzd.54.1677846749793; Fri, 03 Mar 2023 04:32:29 -0800 (PST) Received: from localhost.localdomain ([27.58.236.238]) by smtp.gmail.com with ESMTPSA id j37-20020a63fc25000000b00478c48cf73csm1449881pgi.82.2023.03.03.04.32.27 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 03 Mar 2023 04:32:29 -0800 (PST) From: Omkar Patil To: openembedded-devel@lists.openembedded.org, ppjadhav456@gmail.com Cc: ranjitsinh.rathod@kpit.com, Poonam Jadhav , Omkar Patil Subject: [oe][meta-filesystems][dunfell][PATCH 1/4] nodejs: Fix CVE-2022-32212 Date: Fri, 3 Mar 2023 18:02:12 +0530 Message-Id: <20230303123215.296036-1-omkarpatil10.93@gmail.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 03 Mar 2023 12:32:36 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/101347 From: Poonam Jadhav Add patch to fix CVE-2022-32212 Link: https://sources.debian.org/src/nodejs/12.22.12~dfsg-1~deb11u3/debian/patches/cve-2022-32212.patch Signed-off-by: Poonam Jadhav Signed-off-by: Omkar Patil --- .../nodejs/nodejs/CVE-2022-32212.patch | 133 ++++++++++++++++++ .../nodejs/nodejs_12.22.12.bb | 1 + 2 files changed, 134 insertions(+) create mode 100644 meta-oe/recipes-devtools/nodejs/nodejs/CVE-2022-32212.patch diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2022-32212.patch b/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2022-32212.patch new file mode 100644 index 000000000..f7b4b61f4 --- /dev/null +++ b/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2022-32212.patch @@ -0,0 +1,133 @@ +commit 48c5aa5cab718d04473fa2761d532657c84b8131 +Author: Tobias Nießen +Date: Fri May 27 21:18:49 2022 +0000 + + src: fix IPv4 validation in inspector_socket + + Co-authored-by: RafaelGSS + PR-URL: https://github.com/nodejs-private/node-private/pull/320 + Backport-PR-URL: https://github.com/nodejs-private/node-private/pull/325 + Reviewed-By: Matteo Collina + Reviewed-By: RafaelGSS + CVE-ID: CVE-2022-32212 + +CVE: CVE-2022-32212 +Upstream-Status: Backport [https://sources.debian.org/src/nodejs/12.22.12~dfsg-1~deb11u3/debian/patches/cve-2022-32212.patch] +Comment: No hunks refreshed +Signed-off-by: Poonam Jadhav + +Index: nodejs-12.22.12~dfsg/src/inspector_socket.cc +=================================================================== +--- nodejs-12.22.12~dfsg.orig/src/inspector_socket.cc ++++ nodejs-12.22.12~dfsg/src/inspector_socket.cc +@@ -168,14 +168,22 @@ static std::string TrimPort(const std::s + static bool IsIPAddress(const std::string& host) { + if (host.length() >= 4 && host.front() == '[' && host.back() == ']') + return true; +- int quads = 0; ++ uint_fast16_t accum = 0; ++ uint_fast8_t quads = 0; ++ bool empty = true; ++ auto endOctet = [&accum, &quads, &empty](bool final = false) { ++ return !empty && accum <= 0xff && ++quads <= 4 && final == (quads == 4) && ++ (empty = true) && !(accum = 0); ++ }; + for (char c : host) { +- if (c == '.') +- quads++; +- else if (!isdigit(c)) ++ if (isdigit(c)) { ++ if ((accum = (accum * 10) + (c - '0')) > 0xff) return false; ++ empty = false; ++ } else if (c != '.' || !endOctet()) { + return false; ++ } + } +- return quads == 3; ++ return endOctet(true); + } + + // Constants for hybi-10 frame format. +Index: nodejs-12.22.12~dfsg/test/cctest/test_inspector_socket.cc +=================================================================== +--- nodejs-12.22.12~dfsg.orig/test/cctest/test_inspector_socket.cc ++++ nodejs-12.22.12~dfsg/test/cctest/test_inspector_socket.cc +@@ -851,4 +851,78 @@ TEST_F(InspectorSocketTest, HostCheckedF + expect_failure_no_delegate(UPGRADE_REQUEST); + } + ++TEST_F(InspectorSocketTest, HostIPChecked) { ++ const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n" ++ "Host: 10.0.2.555:9229\r\n\r\n"; ++ send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(), ++ INVALID_HOST_IP_REQUEST.length()); ++ expect_handshake_failure(); ++} ++ ++TEST_F(InspectorSocketTest, HostNegativeIPChecked) { ++ const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n" ++ "Host: 10.0.-23.255:9229\r\n\r\n"; ++ send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(), ++ INVALID_HOST_IP_REQUEST.length()); ++ expect_handshake_failure(); ++} ++ ++TEST_F(InspectorSocketTest, HostIpOctetOutOfIntRangeChecked) { ++ const std::string INVALID_HOST_IP_REQUEST = ++ "GET /json HTTP/1.1\r\n" ++ "Host: 127.0.0.4294967296:9229\r\n\r\n"; ++ send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(), ++ INVALID_HOST_IP_REQUEST.length()); ++ expect_handshake_failure(); ++} ++ ++TEST_F(InspectorSocketTest, HostIpOctetFarOutOfIntRangeChecked) { ++ const std::string INVALID_HOST_IP_REQUEST = ++ "GET /json HTTP/1.1\r\n" ++ "Host: 127.0.0.18446744073709552000:9229\r\n\r\n"; ++ send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(), ++ INVALID_HOST_IP_REQUEST.length()); ++ expect_handshake_failure(); ++} ++ ++TEST_F(InspectorSocketTest, HostIpEmptyOctetStartChecked) { ++ const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n" ++ "Host: .0.0.1:9229\r\n\r\n"; ++ send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(), ++ INVALID_HOST_IP_REQUEST.length()); ++ expect_handshake_failure(); ++} ++ ++TEST_F(InspectorSocketTest, HostIpEmptyOctetMidChecked) { ++ const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n" ++ "Host: 127..0.1:9229\r\n\r\n"; ++ send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(), ++ INVALID_HOST_IP_REQUEST.length()); ++ expect_handshake_failure(); ++} ++ ++TEST_F(InspectorSocketTest, HostIpEmptyOctetEndChecked) { ++ const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n" ++ "Host: 127.0.0.:9229\r\n\r\n"; ++ send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(), ++ INVALID_HOST_IP_REQUEST.length()); ++ expect_handshake_failure(); ++} ++ ++TEST_F(InspectorSocketTest, HostIpTooFewOctetsChecked) { ++ const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n" ++ "Host: 127.0.1:9229\r\n\r\n"; ++ send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(), ++ INVALID_HOST_IP_REQUEST.length()); ++ expect_handshake_failure(); ++} ++ ++TEST_F(InspectorSocketTest, HostIpTooManyOctetsChecked) { ++ const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n" ++ "Host: 127.0.0.0.1:9229\r\n\r\n"; ++ send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(), ++ INVALID_HOST_IP_REQUEST.length()); ++ expect_handshake_failure(); ++} ++ + } // anonymous namespace diff --git a/meta-oe/recipes-devtools/nodejs/nodejs_12.22.12.bb b/meta-oe/recipes-devtools/nodejs/nodejs_12.22.12.bb index 8dbdd088e..2258cb108 100644 --- a/meta-oe/recipes-devtools/nodejs/nodejs_12.22.12.bb +++ b/meta-oe/recipes-devtools/nodejs/nodejs_12.22.12.bb @@ -22,6 +22,7 @@ SRC_URI = "http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \ file://big-endian.patch \ file://mips-warnings.patch \ file://0001-Remove-use-of-register-r7-because-llvm-now-issues-an.patch \ + file://CVE-2022-32212.patch \ " SRC_URI_append_class-target = " \ file://0002-Using-native-binaries.patch \ From patchwork Fri Mar 3 12:32:13 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Omkar Patil X-Patchwork-Id: 20391 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1CA55C678D4 for ; Fri, 3 Mar 2023 12:32:46 +0000 (UTC) Received: from mail-pj1-f45.google.com (mail-pj1-f45.google.com [209.85.216.45]) by mx.groups.io with SMTP id smtpd.web11.21697.1677846755789687699 for ; Fri, 03 Mar 2023 04:32:35 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20210112 header.b=kdzhgseu; spf=pass (domain: gmail.com, ip: 209.85.216.45, mailfrom: omkarpatil10.93@gmail.com) Received: by mail-pj1-f45.google.com with SMTP id m20-20020a17090ab79400b00239d8e182efso5953101pjr.5 for ; Fri, 03 Mar 2023 04:32:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; t=1677846755; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=y1u6sa1Ka0HSF8n5xCZMnBJ9bRRrmfTra4RB8cuhRWs=; b=kdzhgseuIwO6QhHH2K8UM64NhBTGg9oYKldVDi1NQdA33EgL+pR3A9sm6gz/qOssKS mqfGI/xVR6owIV8rVZ3Z8MumJo1vF7SZDbTDk4awDdJol3Nz1Pnv85V4qRHJMiCxAtzr cHMsykk51dxHbCdG3lUhOfFPuH6xAe6WC4/4bLbhjUqE63klaZGWkgCC5+x1IR9Lk2bV Jf9C1YXxwteBbB7pu7goAm0fDd4N7897W05aRGaCjkPjrn0G2WA5sJqxk80uyhMHkqdi bRoWCxW0XsJbtPzAt4GQZZe3AV1QIPsieCEdj1RqLMw7JmFc1JMfqcAWfBs1NPyA+49D pxbg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1677846755; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=y1u6sa1Ka0HSF8n5xCZMnBJ9bRRrmfTra4RB8cuhRWs=; b=WFL9dUCxYbIoHUgIOQKvquYzVbS6CfOdJR31KP2Y2IasKBh2y20lY3czLhxdxN8aGV +xctHc97531e2JXp9XSeeGeI4S53T1CUdretFhm+ecyX3gV98KKO6auEoeC4oQ5hP5Cw ER37bw0r+UNDNx4WCBgVbZovs4UhLaBNL3053pyEi6MjKrLeLpk58vizcRBbRyYWYOQ9 E4XO0+aEywcBw0OyTuHtgG0R55Z8RCd6C0FYXesn113sKZirM7e1oGvq43uSCquYItf3 iOIsft1e9po/crOO1d1PYNLNL/PYZy9z1VTh7ECsbFhCXNYTckz2dFdqswysyKTZPZz6 kI5g== X-Gm-Message-State: AO0yUKUIKvezIP/MMJPY/Swlayan84N+WAs3OTn4otOsENRc+mjfVsgD naWxuJfriy+tiiBkL7bmbAP/lZGeLIBIHg== X-Google-Smtp-Source: AK7set+l+CTocBK7SjyoHJtuvR0l8NM+ANbCAjVAypXIaqZmZvL7IUYNoIaHB8Pio2whm6xKXJLDng== X-Received: by 2002:a05:6a20:8407:b0:cc:eb3b:56e9 with SMTP id c7-20020a056a20840700b000cceb3b56e9mr2694484pzd.1.1677846754769; Fri, 03 Mar 2023 04:32:34 -0800 (PST) Received: from localhost.localdomain ([27.58.236.238]) by smtp.gmail.com with ESMTPSA id j37-20020a63fc25000000b00478c48cf73csm1449881pgi.82.2023.03.03.04.32.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 03 Mar 2023 04:32:34 -0800 (PST) From: Omkar Patil To: openembedded-devel@lists.openembedded.org, ppjadhav456@gmail.com Cc: ranjitsinh.rathod@kpit.com, Poonam Jadhav , Omkar Patil Subject: [oe][meta-filesystems][dunfell][PATCH 2/4] nodejs: Fix CVE-2022-35255 Date: Fri, 3 Mar 2023 18:02:13 +0530 Message-Id: <20230303123215.296036-2-omkarpatil10.93@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230303123215.296036-1-omkarpatil10.93@gmail.com> References: <20230303123215.296036-1-omkarpatil10.93@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 03 Mar 2023 12:32:46 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/101348 From: Poonam Jadhav Add patch to fix CVE-2022-35255 Link: https://sources.debian.org/src/nodejs/12.22.12~dfsg-1~deb11u3/debian/patches/cve-2022-35255.patch Signed-off-by: Poonam Jadhav Signed-off-by: Omkar Patil --- .../nodejs/nodejs/CVE-2022-35255.patch | 237 ++++++++++++++++++ .../nodejs/nodejs_12.22.12.bb | 1 + 2 files changed, 238 insertions(+) create mode 100644 meta-oe/recipes-devtools/nodejs/nodejs/CVE-2022-35255.patch diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2022-35255.patch b/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2022-35255.patch new file mode 100644 index 000000000..e9c2e7404 --- /dev/null +++ b/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2022-35255.patch @@ -0,0 +1,237 @@ +Origin: https://github.com/nodejs/node/commit/0c2a5723beff39d1f62daec96b5389da3d427e79 +Reviewed-by: Aron Xu +Last-Update: 2022-01-05 +Comment: + Although WebCrypto is not implemented in 12.x series, this fix is introducing + enhancment to the crypto setup of V8:EntropySource(). + +commit 0c2a5723beff39d1f62daec96b5389da3d427e79 +Author: Ben Noordhuis +Date: Sun Sep 11 10:48:34 2022 +0200 + + crypto: fix weak randomness in WebCrypto keygen + + Commit dae283d96f from August 2020 introduced a call to EntropySource() + in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There + are two problems with that: + + 1. It does not check the return value, it assumes EntropySource() always + succeeds, but it can (and sometimes will) fail. + + 2. The random data returned byEntropySource() may not be + cryptographically strong and therefore not suitable as keying + material. + + An example is a freshly booted system or a system without /dev/random or + getrandom(2). + + EntropySource() calls out to openssl's RAND_poll() and RAND_bytes() in a + best-effort attempt to obtain random data. OpenSSL has a built-in CSPRNG + but that can fail to initialize, in which case it's possible either: + + 1. No random data gets written to the output buffer, i.e., the output is + unmodified, or + + 2. Weak random data is written. It's theoretically possible for the + output to be fully predictable because the CSPRNG starts from a + predictable state. + + Replace EntropySource() and CheckEntropy() with new function CSPRNG() + that enforces checking of the return value. Abort on startup when the + entropy pool fails to initialize because that makes it too easy to + compromise the security of the process. + + Refs: https://hackerone.com/bugs?report_id=1690000 + Refs: https://github.com/nodejs/node/pull/35093 + + Reviewed-By: Rafael Gonzaga + Reviewed-By: Tobias Nießen + PR-URL: #346 + Backport-PR-URL: #351 + CVE-ID: CVE-2022-35255 + +CVE: CVE-2022-35255 +Upstream-Status: Backport [https://sources.debian.org/src/nodejs/12.22.12~dfsg-1~deb11u3/debian/patches/cve-2022-35255.patch] +Comment: No hunks refreshed +Signed-off-by: Poonam Jadhav + +Index: nodejs-12.22.12~dfsg/node.gyp +=================================================================== +--- nodejs-12.22.12~dfsg.orig/node.gyp ++++ nodejs-12.22.12~dfsg/node.gyp +@@ -743,6 +743,8 @@ + 'openssl_default_cipher_list%': '', + }, + ++ 'cflags': ['-Werror=unused-result'], ++ + 'defines': [ + 'NODE_ARCH="<(target_arch)"', + 'NODE_PLATFORM="<(OS)"', +Index: nodejs-12.22.12~dfsg/src/node_crypto.cc +=================================================================== +--- nodejs-12.22.12~dfsg.orig/src/node_crypto.cc ++++ nodejs-12.22.12~dfsg/src/node_crypto.cc +@@ -386,48 +386,14 @@ void ThrowCryptoError(Environment* env, + env->isolate()->ThrowException(exception); + } + ++MUST_USE_RESULT CSPRNGResult CSPRNG(void* buffer, size_t length) { ++ do { ++ if (1 == RAND_status()) ++ if (1 == RAND_bytes(static_cast(buffer), length)) ++ return {true}; ++ } while (1 == RAND_poll()); + +-// Ensure that OpenSSL has enough entropy (at least 256 bits) for its PRNG. +-// The entropy pool starts out empty and needs to fill up before the PRNG +-// can be used securely. Once the pool is filled, it never dries up again; +-// its contents is stirred and reused when necessary. +-// +-// OpenSSL normally fills the pool automatically but not when someone starts +-// generating random numbers before the pool is full: in that case OpenSSL +-// keeps lowering the entropy estimate to thwart attackers trying to guess +-// the initial state of the PRNG. +-// +-// When that happens, we will have to wait until enough entropy is available. +-// That should normally never take longer than a few milliseconds. +-// +-// OpenSSL draws from /dev/random and /dev/urandom. While /dev/random may +-// block pending "true" randomness, /dev/urandom is a CSPRNG that doesn't +-// block under normal circumstances. +-// +-// The only time when /dev/urandom may conceivably block is right after boot, +-// when the whole system is still low on entropy. That's not something we can +-// do anything about. +-inline void CheckEntropy() { +- for (;;) { +- int status = RAND_status(); +- CHECK_GE(status, 0); // Cannot fail. +- if (status != 0) +- break; +- +- // Give up, RAND_poll() not supported. +- if (RAND_poll() == 0) +- break; +- } +-} +- +- +-bool EntropySource(unsigned char* buffer, size_t length) { +- // Ensure that OpenSSL's PRNG is properly seeded. +- CheckEntropy(); +- // RAND_bytes() can return 0 to indicate that the entropy data is not truly +- // random. That's okay, it's still better than V8's stock source of entropy, +- // which is /dev/urandom on UNIX platforms and the current time on Windows. +- return RAND_bytes(buffer, length) != -1; ++ return {false}; + } + + void SecureContext::Initialize(Environment* env, Local target) { +@@ -649,9 +615,9 @@ void SecureContext::Init(const FunctionC + // OpenSSL 1.1.0 changed the ticket key size, but the OpenSSL 1.0.x size was + // exposed in the public API. To retain compatibility, install a callback + // which restores the old algorithm. +- if (RAND_bytes(sc->ticket_key_name_, sizeof(sc->ticket_key_name_)) <= 0 || +- RAND_bytes(sc->ticket_key_hmac_, sizeof(sc->ticket_key_hmac_)) <= 0 || +- RAND_bytes(sc->ticket_key_aes_, sizeof(sc->ticket_key_aes_)) <= 0) { ++ if (CSPRNG(sc->ticket_key_name_, sizeof(sc->ticket_key_name_)).is_err() || ++ CSPRNG(sc->ticket_key_hmac_, sizeof(sc->ticket_key_hmac_)).is_err() || ++ CSPRNG(sc->ticket_key_aes_, sizeof(sc->ticket_key_aes_)).is_err()) { + return env->ThrowError("Error generating ticket keys"); + } + SSL_CTX_set_tlsext_ticket_key_cb(sc->ctx_.get(), TicketCompatibilityCallback); +@@ -1643,7 +1609,7 @@ int SecureContext::TicketCompatibilityCa + + if (enc) { + memcpy(name, sc->ticket_key_name_, sizeof(sc->ticket_key_name_)); +- if (RAND_bytes(iv, 16) <= 0 || ++ if (CSPRNG(iv, 16).is_err() || + EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), nullptr, + sc->ticket_key_aes_, iv) <= 0 || + HMAC_Init_ex(hctx, sc->ticket_key_hmac_, sizeof(sc->ticket_key_hmac_), +@@ -5867,8 +5833,7 @@ struct RandomBytesJob : public CryptoJob + : CryptoJob(env), rc(Nothing()) {} + + inline void DoThreadPoolWork() override { +- CheckEntropy(); // Ensure that OpenSSL's PRNG is properly seeded. +- rc = Just(RAND_bytes(data, size)); ++ rc = Just(int(CSPRNG(data, size).is_ok())); + if (0 == rc.FromJust()) errors.Capture(); + } + +@@ -6318,8 +6283,8 @@ class GenerateKeyPairJob : public Crypto + } + + inline bool GenerateKey() { +- // Make sure that the CSPRNG is properly seeded so the results are secure. +- CheckEntropy(); ++ // Make sure that the CSPRNG is properly seeded. ++ CHECK(CSPRNG(nullptr, 0).is_ok()); + + // Create the key generation context. + EVPKeyCtxPointer ctx = config_->Setup(); +Index: nodejs-12.22.12~dfsg/src/node_crypto.h +=================================================================== +--- nodejs-12.22.12~dfsg.orig/src/node_crypto.h ++++ nodejs-12.22.12~dfsg/src/node_crypto.h +@@ -840,7 +840,19 @@ class ECDH final : public BaseObject { + const EC_GROUP* group_; + }; + +-bool EntropySource(unsigned char* buffer, size_t length); ++struct CSPRNGResult { ++ const bool ok; ++ MUST_USE_RESULT bool is_ok() const { return ok; } ++ MUST_USE_RESULT bool is_err() const { return !ok; } ++}; ++ ++// Either succeeds with exactly |length| bytes of cryptographically ++// strong pseudo-random data, or fails. This function may block. ++// Don't assume anything about the contents of |buffer| on error. ++// As a special case, |length == 0| can be used to check if the CSPRNG ++// is properly seeded without consuming entropy. ++MUST_USE_RESULT CSPRNGResult CSPRNG(void* buffer, size_t length); ++ + #ifndef OPENSSL_NO_ENGINE + void SetEngine(const v8::FunctionCallbackInfo& args); + #endif // !OPENSSL_NO_ENGINE +Index: nodejs-12.22.12~dfsg/src/inspector_io.cc +=================================================================== +--- nodejs-12.22.12~dfsg.orig/src/inspector_io.cc ++++ nodejs-12.22.12~dfsg/src/inspector_io.cc +@@ -46,8 +46,7 @@ std::string ScriptPath(uv_loop_t* loop, + // Used ver 4 - with numbers + std::string GenerateID() { + uint16_t buffer[8]; +- CHECK(crypto::EntropySource(reinterpret_cast(buffer), +- sizeof(buffer))); ++ CHECK(crypto::CSPRNG(buffer, sizeof(buffer)).is_ok()); + + char uuid[256]; + snprintf(uuid, sizeof(uuid), "%04x%04x-%04x-%04x-%04x-%04x%04x%04x", +Index: nodejs-12.22.12~dfsg/src/node.cc +=================================================================== +--- nodejs-12.22.12~dfsg.orig/src/node.cc ++++ nodejs-12.22.12~dfsg/src/node.cc +@@ -969,9 +969,17 @@ InitializationResult InitializeOncePerPr + // the random source is properly initialized first. + OPENSSL_init(); + #endif // NODE_FIPS_MODE +- // V8 on Windows doesn't have a good source of entropy. Seed it from +- // OpenSSL's pool. +- V8::SetEntropySource(crypto::EntropySource); ++ // Ensure CSPRNG is properly seeded. ++ CHECK(crypto::CSPRNG(nullptr, 0).is_ok()); ++ ++ V8::SetEntropySource([](unsigned char* buffer, size_t length) { ++ // V8 falls back to very weak entropy when this function fails ++ // and /dev/urandom isn't available. That wouldn't be so bad if ++ // the entropy was only used for Math.random() but it's also used for ++ // hash table and address space layout randomization. Better to abort. ++ CHECK(crypto::CSPRNG(buffer, length).is_ok()); ++ return true; ++ }); + #endif // HAVE_OPENSSL + + per_process::v8_platform.Initialize( diff --git a/meta-oe/recipes-devtools/nodejs/nodejs_12.22.12.bb b/meta-oe/recipes-devtools/nodejs/nodejs_12.22.12.bb index 2258cb108..df9c6010e 100644 --- a/meta-oe/recipes-devtools/nodejs/nodejs_12.22.12.bb +++ b/meta-oe/recipes-devtools/nodejs/nodejs_12.22.12.bb @@ -23,6 +23,7 @@ SRC_URI = "http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \ file://mips-warnings.patch \ file://0001-Remove-use-of-register-r7-because-llvm-now-issues-an.patch \ file://CVE-2022-32212.patch \ + file://CVE-2022-35255.patch \ " SRC_URI_append_class-target = " \ file://0002-Using-native-binaries.patch \ From patchwork Fri Mar 3 12:32:14 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Omkar Patil X-Patchwork-Id: 20390 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1DCB2C7EE2F for ; Fri, 3 Mar 2023 12:32:46 +0000 (UTC) Received: from mail-pl1-f176.google.com (mail-pl1-f176.google.com [209.85.214.176]) by mx.groups.io with SMTP id smtpd.web11.21698.1677846759058469396 for ; Fri, 03 Mar 2023 04:32:39 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20210112 header.b=HK48O02z; spf=pass (domain: gmail.com, ip: 209.85.214.176, mailfrom: omkarpatil10.93@gmail.com) Received: by mail-pl1-f176.google.com with SMTP id h8so2471199plf.10 for ; Fri, 03 Mar 2023 04:32:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; t=1677846758; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=bD6o0QRmL2CQqxYakxO0O5br16Vx0sdO/dJxaSagQpk=; b=HK48O02zTm6Y2NxC6DkfFp+IukheIHQhRh5WFjnxJMdGVuWDpGWkE61WlbcQAIpIh3 C/KCNW4VEdJyirgZzRX71RrQV0n0MkK53Mvr8SZNuMzAq/3VUctZam7c2RnNSCgsbA4D ahThiaS1U3K6zcoixFbM/WRLaxmBuH4jDUfkCDnfTtwGPRF/JHZztYWKlOmk36n6G3qa O7ofrYSA1HU/D5HNpqG2K3D1UrXtaGNz6HEOYveJ33RZ8hJyzPk9bD5bUG+1dutU7yu7 HihWivhGlZryVNIy0XKrX0OPY1hbZRk3OgRo4fKZbq1JV8JmXIfw5e6IaVsUjt0Mvs/3 cx+A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1677846758; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=bD6o0QRmL2CQqxYakxO0O5br16Vx0sdO/dJxaSagQpk=; b=x0uNYDGSNY9ivrCYCIF6ewcGFXVPxoTiJfpPENLncrUjEIcD8PBLFqYWrblBY9bTKP CQ3yjELtJ1sOQXVF7ULXxxR1Ipx2Y6QwnNRLGHSosclhcx2ppqRmUlgimMZyIMrljhJ9 jVPwa2gjYJNQhFTsxw0/5T2a+HpwfKkmb4tqs01Lj0n/98cO+OjQ3fY1j+1sECH/boQd egA7It51XluWBILnr50Pdc4Ek3+Ka3ZuyvXWcmHmZRsPsEgyJMogmAOqhfKWXdiR4mxt rHERCkkgQJE3GybUlQdRlcGyrFlP/tbaBubCZjFt0WMLHFPXe4g3ZQB1ZLozfLeyxHrv vYwQ== X-Gm-Message-State: AO0yUKUWhjsbk/cJ6jCjvil6TsPGaNDjqgczmcPlBFblS9A+Q9gpErgm GrMVnUwYrdLnlMw7ennoYMd2AgKUTnbBHw== X-Google-Smtp-Source: AK7set/5lGjhkyjCHe+vF+HIZQ9F0PUMQ7dJT9xemyhjyQqc7aOM88LobvUrlQXVPMwG/sfClNS+PA== X-Received: by 2002:a17:902:d4c9:b0:19d:90f:6c30 with SMTP id o9-20020a170902d4c900b0019d090f6c30mr1717925plg.49.1677846758163; Fri, 03 Mar 2023 04:32:38 -0800 (PST) Received: from localhost.localdomain ([27.58.236.238]) by smtp.gmail.com with ESMTPSA id j37-20020a63fc25000000b00478c48cf73csm1449881pgi.82.2023.03.03.04.32.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 03 Mar 2023 04:32:37 -0800 (PST) From: Omkar Patil To: openembedded-devel@lists.openembedded.org, ppjadhav456@gmail.com Cc: ranjitsinh.rathod@kpit.com, Poonam Jadhav , Omkar Patil Subject: [oe][meta-filesystems][dunfell][PATCH 3/4] nodejs: Fix CVE-2022-43548 Date: Fri, 3 Mar 2023 18:02:14 +0530 Message-Id: <20230303123215.296036-3-omkarpatil10.93@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230303123215.296036-1-omkarpatil10.93@gmail.com> References: <20230303123215.296036-1-omkarpatil10.93@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 03 Mar 2023 12:32:46 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/101349 From: Poonam Jadhav Add patch to fix CVE-2022-43548 Link: https://sources.debian.org/src/nodejs/12.22.12~dfsg-1~deb11u3/debian/patches/cve-2022-43548.patch Signed-off-by: Poonam Jadhav Signed-off-by: Omkar Patil --- .../nodejs/nodejs/CVE-2022-43548.patch | 214 ++++++++++++++++++ .../nodejs/nodejs_12.22.12.bb | 1 + 2 files changed, 215 insertions(+) create mode 100644 meta-oe/recipes-devtools/nodejs/nodejs/CVE-2022-43548.patch diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2022-43548.patch b/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2022-43548.patch new file mode 100644 index 000000000..54da1fba9 --- /dev/null +++ b/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2022-43548.patch @@ -0,0 +1,214 @@ +commit 2b433af094fb79cf80f086038b7f36342cb6826f +Author: Tobias Nießen +Date: Sun Sep 25 12:34:05 2022 +0000 + + inspector: harden IP address validation again + + Use inet_pton() to parse IP addresses, which restricts IP addresses + to a small number of well-defined formats. In particular, octal and + hexadecimal number formats are not allowed, and neither are leading + zeros. Also explicitly reject 0.0.0.0/8 and ::/128 as non-routable. + + Refs: https://hackerone.com/reports/1710652 + CVE-ID: CVE-2022-43548 + PR-URL: https://github.com/nodejs-private/node-private/pull/354 + Reviewed-by: Michael Dawson + Reviewed-by: Rafael Gonzaga + Reviewed-by: Rich Trott + +CVE: CVE-2022-43548 +Upstream-Status: Backport [https://sources.debian.org/src/nodejs/12.22.12~dfsg-1~deb11u3/debian/patches/cve-2022-43548.patch] +Comment: No hunks refreshed +Signed-off-by: Poonam Jadhav + +Index: nodejs-12.22.12~dfsg/src/inspector_socket.cc +=================================================================== +--- nodejs-12.22.12~dfsg.orig/src/inspector_socket.cc ++++ nodejs-12.22.12~dfsg/src/inspector_socket.cc +@@ -10,6 +10,7 @@ + + #include "openssl/sha.h" // Sha-1 hash + ++#include + #include + #include + +@@ -166,25 +167,71 @@ static std::string TrimPort(const std::s + } + + static bool IsIPAddress(const std::string& host) { +- if (host.length() >= 4 && host.front() == '[' && host.back() == ']') ++ // TODO(tniessen): add CVEs to the following bullet points ++ // To avoid DNS rebinding attacks, we are aware of the following requirements: ++ // * the host name must be an IP address, ++ // * the IP address must be routable, and ++ // * the IP address must be formatted unambiguously. ++ ++ // The logic below assumes that the string is null-terminated, so ensure that ++ // we did not somehow end up with null characters within the string. ++ if (host.find('\0') != std::string::npos) return false; ++ ++ // All IPv6 addresses must be enclosed in square brackets, and anything ++ // enclosed in square brackets must be an IPv6 address. ++ if (host.length() >= 4 && host.front() == '[' && host.back() == ']') { ++ // INET6_ADDRSTRLEN is the maximum length of the dual format (including the ++ // terminating null character), which is the longest possible representation ++ // of an IPv6 address: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:ddd.ddd.ddd.ddd ++ if (host.length() - 2 >= INET6_ADDRSTRLEN) return false; ++ ++ // Annoyingly, libuv's implementation of inet_pton() deviates from other ++ // implementations of the function in that it allows '%' in IPv6 addresses. ++ if (host.find('%') != std::string::npos) return false; ++ ++ // Parse the IPv6 address to ensure it is syntactically valid. ++ char ipv6_str[INET6_ADDRSTRLEN]; ++ std::copy(host.begin() + 1, host.end() - 1, ipv6_str); ++ ipv6_str[host.length()] = '\0'; ++ unsigned char ipv6[sizeof(struct in6_addr)]; ++ if (uv_inet_pton(AF_INET6, ipv6_str, ipv6) != 0) return false; ++ ++ // The only non-routable IPv6 address is ::/128. It should not be necessary ++ // to explicitly reject it because it will still be enclosed in square ++ // brackets and not even macOS should make DNS requests in that case, but ++ // history has taught us that we cannot be careful enough. ++ // Note that RFC 4291 defines both "IPv4-Compatible IPv6 Addresses" and ++ // "IPv4-Mapped IPv6 Addresses", which means that there are IPv6 addresses ++ // (other than ::/128) that represent non-routable IPv4 addresses. However, ++ // this translation assumes that the host is interpreted as an IPv6 address ++ // in the first place, at which point DNS rebinding should not be an issue. ++ if (std::all_of(ipv6, ipv6 + sizeof(ipv6), [](auto b) { return b == 0; })) { ++ return false; ++ } ++ ++ // It is a syntactically valid and routable IPv6 address enclosed in square ++ // brackets. No client should be able to misinterpret this. + return true; +- uint_fast16_t accum = 0; +- uint_fast8_t quads = 0; +- bool empty = true; +- auto endOctet = [&accum, &quads, &empty](bool final = false) { +- return !empty && accum <= 0xff && ++quads <= 4 && final == (quads == 4) && +- (empty = true) && !(accum = 0); +- }; +- for (char c : host) { +- if (isdigit(c)) { +- if ((accum = (accum * 10) + (c - '0')) > 0xff) return false; +- empty = false; +- } else if (c != '.' || !endOctet()) { +- return false; +- } +- } +- return endOctet(true); +-} ++ } ++ ++ // Anything not enclosed in square brackets must be an IPv4 address. It is ++ // important here that inet_pton() accepts only the so-called dotted-decimal ++ // notation, which is a strict subset of the so-called numbers-and-dots ++ // notation that is allowed by inet_aton() and inet_addr(). This subset does ++ // not allow hexadecimal or octal number formats. ++ unsigned char ipv4[sizeof(struct in_addr)]; ++ if (uv_inet_pton(AF_INET, host.c_str(), ipv4) != 0) return false; ++ ++ // The only strictly non-routable IPv4 address is 0.0.0.0, and macOS will make ++ // DNS requests for this IP address, so we need to explicitly reject it. In ++ // fact, we can safely reject all of 0.0.0.0/8 (see Section 3.2 of RFC 791 and ++ // Section 3.2.1.3 of RFC 1122). ++ // Note that inet_pton() stores the IPv4 address in network byte order. ++ if (ipv4[0] == 0) return false; ++ ++ // It is a routable IPv4 address in dotted-decimal notation. ++ return true; ++ } + + // Constants for hybi-10 frame format. + +Index: nodejs-12.22.12~dfsg/test/cctest/test_inspector_socket.cc +=================================================================== +--- nodejs-12.22.12~dfsg.orig/test/cctest/test_inspector_socket.cc ++++ nodejs-12.22.12~dfsg/test/cctest/test_inspector_socket.cc +@@ -925,4 +925,84 @@ TEST_F(InspectorSocketTest, HostIpTooMan + expect_handshake_failure(); + } + ++TEST_F(InspectorSocketTest, HostIpInvalidOctalOctetStartChecked) { ++ const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n" ++ "Host: 08.1.1.1:9229\r\n\r\n"; ++ send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(), ++ INVALID_HOST_IP_REQUEST.length()); ++ expect_handshake_failure(); ++} ++ ++TEST_F(InspectorSocketTest, HostIpInvalidOctalOctetMidChecked) { ++ const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n" ++ "Host: 1.09.1.1:9229\r\n\r\n"; ++ send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(), ++ INVALID_HOST_IP_REQUEST.length()); ++ expect_handshake_failure(); ++} ++ ++TEST_F(InspectorSocketTest, HostIpInvalidOctalOctetEndChecked) { ++ const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n" ++ "Host: 1.1.1.009:9229\r\n\r\n"; ++ send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(), ++ INVALID_HOST_IP_REQUEST.length()); ++ expect_handshake_failure(); ++} ++ ++TEST_F(InspectorSocketTest, HostIpLeadingZeroStartChecked) { ++ const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n" ++ "Host: 01.1.1.1:9229\r\n\r\n"; ++ send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(), ++ INVALID_HOST_IP_REQUEST.length()); ++ expect_handshake_failure(); ++} ++ ++TEST_F(InspectorSocketTest, HostIpLeadingZeroMidChecked) { ++ const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n" ++ "Host: 1.1.001.1:9229\r\n\r\n"; ++ send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(), ++ INVALID_HOST_IP_REQUEST.length()); ++ expect_handshake_failure(); ++} ++ ++TEST_F(InspectorSocketTest, HostIpLeadingZeroEndChecked) { ++ const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n" ++ "Host: 1.1.1.01:9229\r\n\r\n"; ++ send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(), ++ INVALID_HOST_IP_REQUEST.length()); ++ expect_handshake_failure(); ++} ++ ++TEST_F(InspectorSocketTest, HostIPv6NonRoutable) { ++ const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n" ++ "Host: [::]:9229\r\n\r\n"; ++ send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(), ++ INVALID_HOST_IP_REQUEST.length()); ++ expect_handshake_failure(); ++} ++ ++TEST_F(InspectorSocketTest, HostIPv6NonRoutableDual) { ++ const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n" ++ "Host: [::0.0.0.0]:9229\r\n\r\n"; ++ send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(), ++ INVALID_HOST_IP_REQUEST.length()); ++ expect_handshake_failure(); ++} ++ ++TEST_F(InspectorSocketTest, HostIPv4InSquareBrackets) { ++ const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n" ++ "Host: [127.0.0.1]:9229\r\n\r\n"; ++ send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(), ++ INVALID_HOST_IP_REQUEST.length()); ++ expect_handshake_failure(); ++} ++ ++TEST_F(InspectorSocketTest, HostIPv6InvalidAbbreviation) { ++ const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n" ++ "Host: [:::1]:9229\r\n\r\n"; ++ send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(), ++ INVALID_HOST_IP_REQUEST.length()); ++ expect_handshake_failure(); ++} ++ + } // anonymous namespace diff --git a/meta-oe/recipes-devtools/nodejs/nodejs_12.22.12.bb b/meta-oe/recipes-devtools/nodejs/nodejs_12.22.12.bb index df9c6010e..70f23de7b 100644 --- a/meta-oe/recipes-devtools/nodejs/nodejs_12.22.12.bb +++ b/meta-oe/recipes-devtools/nodejs/nodejs_12.22.12.bb @@ -24,6 +24,7 @@ SRC_URI = "http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \ file://0001-Remove-use-of-register-r7-because-llvm-now-issues-an.patch \ file://CVE-2022-32212.patch \ file://CVE-2022-35255.patch \ + file://CVE-2022-43548.patch \ " SRC_URI_append_class-target = " \ file://0002-Using-native-binaries.patch \ From patchwork Fri Mar 3 12:32:15 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Omkar Patil X-Patchwork-Id: 20392 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 517B7C64EC4 for ; Fri, 3 Mar 2023 12:32:46 +0000 (UTC) Received: from mail-pj1-f53.google.com (mail-pj1-f53.google.com [209.85.216.53]) by mx.groups.io with SMTP id smtpd.web10.21698.1677846764368663659 for ; Fri, 03 Mar 2023 04:32:44 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20210112 header.b=ChBJC4UZ; spf=pass (domain: gmail.com, ip: 209.85.216.53, mailfrom: omkarpatil10.93@gmail.com) Received: by mail-pj1-f53.google.com with SMTP id oj5so2321674pjb.5 for ; Fri, 03 Mar 2023 04:32:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; t=1677846763; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=PJLrtGSBexph3Mc3I19m80EzCvrIwLqlpGwtuyHXc4w=; b=ChBJC4UZnxogD7uNi69z25pXELNE8y0PlmJId9PLoTMVqw7H7D26RwYPlrTOw2VUWo RQi/Q2GKyBLtgAZITFViTuAAeYGX04kwS4fMlNxB6AbpGER0Q9hIhTp07XkWr2ZPhfF1 yMaxbKv7HGMwTnG4QQaw8s2BWx1AqwVYtQMCDV0TJsYqmX+gK1UwqOifMjhDOe9s4QJi gFizcX6KKuVbvmBJLT0diU2e74EIKczvjfe/OxuW159RdFaRdn9LJ9z5IbBy7nhFU1mz 4MjZh5qiJ3OVWewHPUT8r415PQYog/LIRZTnDHr16yoS/h0hK047vdUha2AWQqfKhubK znwA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1677846763; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=PJLrtGSBexph3Mc3I19m80EzCvrIwLqlpGwtuyHXc4w=; b=0lzHE+MQMvkiKPmb8d7Fq94yQ9w/32VQXJ1Q9QasfSuenOUlcXXuFifN7iI4AokK5N mAPI4hBtz26Nrfys4D7GukKlwTD1iR28XpoiFKGJmOrOHt1W49JwBiR5yHFa4JvAxZU6 kLN8SnMTOGERZ+0vF3DLKNAO3HE15fyTHceZAGiJakFG3p7dN7jfLMze2Qz8IFksXHwJ LFHENCjQvu7UNjzwVCNl6RdHUbo0PeFTdtW6IM9OrifGx8cMHi9usPQGnXFod/Po3zij YVkPfHE0iXtVL8eHIbrj5WNulArtTnm2nfYsWA6j7HraN1ZpoFwYehy4B7ch7HLtV03J fW6g== X-Gm-Message-State: AO0yUKVrUNcPel3/Swar1bY12hM2rJy7x91EW4sH7/tErntdBedAzv2T vuIIhL6RcI+shgU4w3YwQcvLjJc5PE4+WQ== X-Google-Smtp-Source: AK7set++2e3kcql58LtW75cduRCJJ+BSjj0VapwjOUyj723bVYRMpx34M9M6cTj8/xZrnqwuTL8JAg== X-Received: by 2002:a05:6a20:7d9e:b0:cd:8ed8:8e1d with SMTP id v30-20020a056a207d9e00b000cd8ed88e1dmr2196445pzj.12.1677846762480; Fri, 03 Mar 2023 04:32:42 -0800 (PST) Received: from localhost.localdomain ([27.58.236.238]) by smtp.gmail.com with ESMTPSA id j37-20020a63fc25000000b00478c48cf73csm1449881pgi.82.2023.03.03.04.32.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 03 Mar 2023 04:32:42 -0800 (PST) From: Omkar Patil To: openembedded-devel@lists.openembedded.org, ppjadhav456@gmail.com Cc: ranjitsinh.rathod@kpit.com, Poonam Jadhav , Omkar Patil Subject: [oe][meta-filesystems][dunfell][PATCH 4/4] nodejs: Fix CVEs for nodejs Date: Fri, 3 Mar 2023 18:02:15 +0530 Message-Id: <20230303123215.296036-4-omkarpatil10.93@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230303123215.296036-1-omkarpatil10.93@gmail.com> References: <20230303123215.296036-1-omkarpatil10.93@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 03 Mar 2023 12:32:46 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/101350 From: Poonam Jadhav Add patch file CVE-llhttp.patch to fix CVE-2022-32213, CVE-2022-32214, CVE-2022-32215, CVE-2022-35256 of nodejs. Link: https://sources.debian.org/src/nodejs/12.22.12~dfsg-1~deb11u3/debian/patches/cve-llhttp.patch Signed-off-by: Poonam Jadhav Signed-off-by: Omkar Patil --- .../nodejs/nodejs/CVE-llhttp.patch | 4348 +++++++++++++++++ .../nodejs/nodejs_12.22.12.bb | 1 + 2 files changed, 4349 insertions(+) create mode 100644 meta-oe/recipes-devtools/nodejs/nodejs/CVE-llhttp.patch diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/CVE-llhttp.patch b/meta-oe/recipes-devtools/nodejs/nodejs/CVE-llhttp.patch new file mode 100644 index 000000000..790cf92d2 --- /dev/null +++ b/meta-oe/recipes-devtools/nodejs/nodejs/CVE-llhttp.patch @@ -0,0 +1,4348 @@ +Reviewed-by: Aron Xu +Last-Update: 2023-01-05 +Comment: + This patch updates the embeded copy of llhttp from version 2.1.4 to 2.1.6, + which is upstream's actual fix for CVE-2022-32213, CVE-2022-32214, CVE-2022-32215, + CVE-2022-35256. + Test cases are ported to use mustCall() to replace the later introduced + mustSucceed(), to avoid pulling in too many dependent new test codes. +References: + * https://github.com/nodejs/node/commit/da0fda0fe81d372e24c0cb11aec37534985708dd + * https://github.com/nodejs/node/commit/a9f1146b8827855e342834458a71f2367346ace0 + +CVE: CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 CVE-2022-35256 +Upstream-Status: Backport [https://sources.debian.org/src/nodejs/12.22.12~dfsg-1~deb11u3/debian/patches/cve-llhttp.patch] +Comment: No hunks refreshed +Signed-off-by: Poonam Jadhav + +--- nodejs-12.22.12~dfsg/deps/llhttp/include/llhttp.h ++++ nodejs-12.22.12~dfsg/deps/llhttp/include/llhttp.h +@@ -3,7 +3,7 @@ + + #define LLHTTP_VERSION_MAJOR 2 + #define LLHTTP_VERSION_MINOR 1 +-#define LLHTTP_VERSION_PATCH 4 ++#define LLHTTP_VERSION_PATCH 6 + + #ifndef LLHTTP_STRICT_MODE + # define LLHTTP_STRICT_MODE 0 +@@ -58,6 +58,7 @@ + HPE_OK = 0, + HPE_INTERNAL = 1, + HPE_STRICT = 2, ++ HPE_CR_EXPECTED = 25, + HPE_LF_EXPECTED = 3, + HPE_UNEXPECTED_CONTENT_LENGTH = 4, + HPE_CLOSED_CONNECTION = 5, +@@ -78,7 +79,7 @@ + HPE_CB_CHUNK_COMPLETE = 20, + HPE_PAUSED = 21, + HPE_PAUSED_UPGRADE = 22, +- HPE_USER = 23 ++ HPE_USER = 24 + }; + typedef enum llhttp_errno llhttp_errno_t; + +@@ -153,6 +154,7 @@ + XX(0, OK, OK) \ + XX(1, INTERNAL, INTERNAL) \ + XX(2, STRICT, STRICT) \ ++ XX(25, CR_EXPECTED, CR_EXPECTED) \ + XX(3, LF_EXPECTED, LF_EXPECTED) \ + XX(4, UNEXPECTED_CONTENT_LENGTH, UNEXPECTED_CONTENT_LENGTH) \ + XX(5, CLOSED_CONNECTION, CLOSED_CONNECTION) \ +@@ -173,7 +175,7 @@ + XX(20, CB_CHUNK_COMPLETE, CB_CHUNK_COMPLETE) \ + XX(21, PAUSED, PAUSED) \ + XX(22, PAUSED_UPGRADE, PAUSED_UPGRADE) \ +- XX(23, USER, USER) \ ++ XX(24, USER, USER) \ + + + #define HTTP_METHOD_MAP(XX) \ +--- nodejs-12.22.12~dfsg/deps/llhttp/src/llhttp.c ++++ nodejs-12.22.12~dfsg/deps/llhttp/src/llhttp.c +@@ -325,6 +325,7 @@ + s_n_llhttp__internal__n_header_value_lws, + s_n_llhttp__internal__n_header_value_almost_done, + s_n_llhttp__internal__n_header_value_lenient, ++ s_n_llhttp__internal__n_error_25, + s_n_llhttp__internal__n_header_value_otherwise, + s_n_llhttp__internal__n_header_value_connection_token, + s_n_llhttp__internal__n_header_value_connection_ws, +@@ -332,14 +333,16 @@ + s_n_llhttp__internal__n_header_value_connection_2, + s_n_llhttp__internal__n_header_value_connection_3, + s_n_llhttp__internal__n_header_value_connection, +- s_n_llhttp__internal__n_error_26, + s_n_llhttp__internal__n_error_27, ++ s_n_llhttp__internal__n_error_28, + s_n_llhttp__internal__n_header_value_content_length_ws, + s_n_llhttp__internal__n_header_value_content_length, +- s_n_llhttp__internal__n_header_value_te_chunked_last, ++ s_n_llhttp__internal__n_error_30, ++ s_n_llhttp__internal__n_error_29, + s_n_llhttp__internal__n_header_value_te_token_ows, + s_n_llhttp__internal__n_header_value, + s_n_llhttp__internal__n_header_value_te_token, ++ s_n_llhttp__internal__n_header_value_te_chunked_last, + s_n_llhttp__internal__n_header_value_te_chunked, + s_n_llhttp__internal__n_span_start_llhttp__on_header_value_1, + s_n_llhttp__internal__n_header_value_discard_ws, +@@ -734,7 +737,7 @@ + return 0; + } + +-int llhttp__internal__c_update_header_state_2( ++int llhttp__internal__c_update_header_state_3( + llhttp__internal_t* state, + const unsigned char* p, + const unsigned char* endp) { +@@ -742,7 +745,7 @@ + return 0; + } + +-int llhttp__internal__c_update_header_state_4( ++int llhttp__internal__c_update_header_state_1( + llhttp__internal_t* state, + const unsigned char* p, + const unsigned char* endp) { +@@ -750,7 +753,7 @@ + return 0; + } + +-int llhttp__internal__c_update_header_state_5( ++int llhttp__internal__c_update_header_state_6( + llhttp__internal_t* state, + const unsigned char* p, + const unsigned char* endp) { +@@ -758,7 +761,7 @@ + return 0; + } + +-int llhttp__internal__c_update_header_state_6( ++int llhttp__internal__c_update_header_state_7( + llhttp__internal_t* state, + const unsigned char* p, + const unsigned char* endp) { +@@ -766,7 +769,7 @@ + return 0; + } + +-int llhttp__internal__c_test_flags_6( ++int llhttp__internal__c_test_flags_7( + llhttp__internal_t* state, + const unsigned char* p, + const unsigned char* endp) { +@@ -807,6 +810,13 @@ + return 0; + } + ++int llhttp__internal__c_test_flags_8( ++ llhttp__internal_t* state, ++ const unsigned char* p, ++ const unsigned char* endp) { ++ return (state->flags & 8) == 8; ++} ++ + int llhttp__internal__c_or_flags_16( + llhttp__internal_t* state, + const unsigned char* p, +@@ -823,7 +833,7 @@ + return 0; + } + +-int llhttp__internal__c_update_header_state_7( ++int llhttp__internal__c_update_header_state_8( + llhttp__internal_t* state, + const unsigned char* p, + const unsigned char* endp) { +@@ -831,7 +841,7 @@ + return 0; + } + +-int llhttp__internal__c_or_flags_17( ++int llhttp__internal__c_or_flags_18( + llhttp__internal_t* state, + const unsigned char* p, + const unsigned char* endp) { +@@ -1554,7 +1564,7 @@ + goto s_n_llhttp__internal__n_header_value_discard_lws; + } + default: { +- goto s_n_llhttp__internal__n_error_22; ++ goto s_n_llhttp__internal__n_error_23; + } + } + /* UNREACHABLE */; +@@ -1567,13 +1577,13 @@ + } + switch (*p) { + case 9: { +- goto s_n_llhttp__internal__n_span_start_llhttp__on_header_value_1; ++ goto s_n_llhttp__internal__n_invoke_load_header_state_3; + } + case ' ': { +- goto s_n_llhttp__internal__n_span_start_llhttp__on_header_value_1; ++ goto s_n_llhttp__internal__n_invoke_load_header_state_3; + } + default: { +- goto s_n_llhttp__internal__n_invoke_load_header_state_3; ++ goto s_n_llhttp__internal__n_invoke_load_header_state_4; + } + } + /* UNREACHABLE */; +@@ -1590,7 +1600,7 @@ + goto s_n_llhttp__internal__n_header_value_lws; + } + default: { +- goto s_n_llhttp__internal__n_error_23; ++ goto s_n_llhttp__internal__n_error_24; + } + } + /* UNREACHABLE */; +@@ -1603,10 +1613,10 @@ + } + switch (*p) { + case 10: { +- goto s_n_llhttp__internal__n_span_end_llhttp__on_header_value_1; ++ goto s_n_llhttp__internal__n_span_end_llhttp__on_header_value_3; + } + case 13: { +- goto s_n_llhttp__internal__n_span_end_llhttp__on_header_value_3; ++ goto s_n_llhttp__internal__n_span_end_llhttp__on_header_value_4; + } + default: { + p++; +@@ -1616,20 +1626,27 @@ + /* UNREACHABLE */; + abort(); + } ++ case s_n_llhttp__internal__n_error_25: ++ s_n_llhttp__internal__n_error_25: { ++ state->error = 0xa; ++ state->reason = "Invalid header value char"; ++ state->error_pos = (const char*) p; ++ state->_current = (void*) (intptr_t) s_error; ++ return s_error; ++ /* UNREACHABLE */; ++ abort(); ++ } + case s_n_llhttp__internal__n_header_value_otherwise: + s_n_llhttp__internal__n_header_value_otherwise: { + if (p == endp) { + return s_n_llhttp__internal__n_header_value_otherwise; + } + switch (*p) { +- case 10: { +- goto s_n_llhttp__internal__n_span_end_llhttp__on_header_value_1; +- } + case 13: { +- goto s_n_llhttp__internal__n_span_end_llhttp__on_header_value_2; ++ goto s_n_llhttp__internal__n_span_end_llhttp__on_header_value_1; + } + default: { +- goto s_n_llhttp__internal__n_invoke_test_flags_5; ++ goto s_n_llhttp__internal__n_invoke_test_flags_6; + } + } + /* UNREACHABLE */; +@@ -1692,10 +1709,10 @@ + } + case ',': { + p++; +- goto s_n_llhttp__internal__n_invoke_load_header_state_4; ++ goto s_n_llhttp__internal__n_invoke_load_header_state_5; + } + default: { +- goto s_n_llhttp__internal__n_invoke_update_header_state_4; ++ goto s_n_llhttp__internal__n_invoke_update_header_state_5; + } + } + /* UNREACHABLE */; +@@ -1713,7 +1730,7 @@ + switch (match_seq.status) { + case kMatchComplete: { + p++; +- goto s_n_llhttp__internal__n_invoke_update_header_state_2; ++ goto s_n_llhttp__internal__n_invoke_update_header_state_3; + } + case kMatchPause: { + return s_n_llhttp__internal__n_header_value_connection_1; +@@ -1737,7 +1754,7 @@ + switch (match_seq.status) { + case kMatchComplete: { + p++; +- goto s_n_llhttp__internal__n_invoke_update_header_state_5; ++ goto s_n_llhttp__internal__n_invoke_update_header_state_6; + } + case kMatchPause: { + return s_n_llhttp__internal__n_header_value_connection_2; +@@ -1761,7 +1778,7 @@ + switch (match_seq.status) { + case kMatchComplete: { + p++; +- goto s_n_llhttp__internal__n_invoke_update_header_state_6; ++ goto s_n_llhttp__internal__n_invoke_update_header_state_7; + } + case kMatchPause: { + return s_n_llhttp__internal__n_header_value_connection_3; +@@ -1806,8 +1823,8 @@ + /* UNREACHABLE */; + abort(); + } +- case s_n_llhttp__internal__n_error_26: +- s_n_llhttp__internal__n_error_26: { ++ case s_n_llhttp__internal__n_error_27: ++ s_n_llhttp__internal__n_error_27: { + state->error = 0xb; + state->reason = "Content-Length overflow"; + state->error_pos = (const char*) p; +@@ -1816,8 +1833,8 @@ + /* UNREACHABLE */; + abort(); + } +- case s_n_llhttp__internal__n_error_27: +- s_n_llhttp__internal__n_error_27: { ++ case s_n_llhttp__internal__n_error_28: ++ s_n_llhttp__internal__n_error_28: { + state->error = 0xb; + state->reason = "Invalid character in Content-Length"; + state->error_pos = (const char*) p; +@@ -1843,7 +1860,7 @@ + goto s_n_llhttp__internal__n_header_value_content_length_ws; + } + default: { +- goto s_n_llhttp__internal__n_span_end_llhttp__on_header_value_5; ++ goto s_n_llhttp__internal__n_span_end_llhttp__on_header_value_6; + } + } + /* UNREACHABLE */; +@@ -1912,26 +1929,23 @@ + /* UNREACHABLE */; + abort(); + } +- case s_n_llhttp__internal__n_header_value_te_chunked_last: +- s_n_llhttp__internal__n_header_value_te_chunked_last: { +- if (p == endp) { +- return s_n_llhttp__internal__n_header_value_te_chunked_last; +- } +- switch (*p) { +- case 10: { +- goto s_n_llhttp__internal__n_invoke_update_header_state_7; +- } +- case 13: { +- goto s_n_llhttp__internal__n_invoke_update_header_state_7; +- } +- case ' ': { +- p++; +- goto s_n_llhttp__internal__n_header_value_te_chunked_last; +- } +- default: { +- goto s_n_llhttp__internal__n_header_value_te_chunked; +- } +- } ++ case s_n_llhttp__internal__n_error_30: ++ s_n_llhttp__internal__n_error_30: { ++ state->error = 0xf; ++ state->reason = "Invalid `Transfer-Encoding` header value"; ++ state->error_pos = (const char*) p; ++ state->_current = (void*) (intptr_t) s_error; ++ return s_error; ++ /* UNREACHABLE */; ++ abort(); ++ } ++ case s_n_llhttp__internal__n_error_29: ++ s_n_llhttp__internal__n_error_29: { ++ state->error = 0xf; ++ state->reason = "Invalid `Transfer-Encoding` header value"; ++ state->error_pos = (const char*) p; ++ state->_current = (void*) (intptr_t) s_error; ++ return s_error; + /* UNREACHABLE */; + abort(); + } +@@ -2048,8 +2062,34 @@ + goto s_n_llhttp__internal__n_header_value_te_token_ows; + } + default: { ++ goto s_n_llhttp__internal__n_invoke_update_header_state_9; ++ } ++ } ++ /* UNREACHABLE */; ++ abort(); ++ } ++ case s_n_llhttp__internal__n_header_value_te_chunked_last: ++ s_n_llhttp__internal__n_header_value_te_chunked_last: { ++ if (p == endp) { ++ return s_n_llhttp__internal__n_header_value_te_chunked_last; ++ } ++ switch (*p) { ++ case 10: { ++ goto s_n_llhttp__internal__n_invoke_update_header_state_8; ++ } ++ case 13: { + goto s_n_llhttp__internal__n_invoke_update_header_state_8; + } ++ case ' ': { ++ p++; ++ goto s_n_llhttp__internal__n_header_value_te_chunked_last; ++ } ++ case ',': { ++ goto s_n_llhttp__internal__n_invoke_load_type_1; ++ } ++ default: { ++ goto s_n_llhttp__internal__n_header_value_te_token; ++ } + } + /* UNREACHABLE */; + abort(); +@@ -2101,7 +2141,7 @@ + } + case 10: { + p++; +- goto s_n_llhttp__internal__n_header_value_discard_lws; ++ goto s_n_llhttp__internal__n_invoke_test_flags_5; + } + case 13: { + p++; +@@ -2128,7 +2168,7 @@ + goto s_n_llhttp__internal__n_span_end_llhttp__on_header_field_2; + } + default: { +- goto s_n_llhttp__internal__n_error_28; ++ goto s_n_llhttp__internal__n_error_31; + } + } + /* UNREACHABLE */; +@@ -2218,7 +2258,7 @@ + goto s_n_llhttp__internal__n_span_end_llhttp__on_header_field_1; + } + default: { +- goto s_n_llhttp__internal__n_invoke_update_header_state_9; ++ goto s_n_llhttp__internal__n_invoke_update_header_state_10; + } + } + /* UNREACHABLE */; +@@ -2243,7 +2283,7 @@ + return s_n_llhttp__internal__n_header_field_3; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_invoke_update_header_state_10; ++ goto s_n_llhttp__internal__n_invoke_update_header_state_11; + } + } + /* UNREACHABLE */; +@@ -2268,7 +2308,7 @@ + return s_n_llhttp__internal__n_header_field_4; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_invoke_update_header_state_10; ++ goto s_n_llhttp__internal__n_invoke_update_header_state_11; + } + } + /* UNREACHABLE */; +@@ -2289,7 +2329,7 @@ + goto s_n_llhttp__internal__n_header_field_4; + } + default: { +- goto s_n_llhttp__internal__n_invoke_update_header_state_10; ++ goto s_n_llhttp__internal__n_invoke_update_header_state_11; + } + } + /* UNREACHABLE */; +@@ -2313,7 +2353,7 @@ + return s_n_llhttp__internal__n_header_field_1; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_invoke_update_header_state_10; ++ goto s_n_llhttp__internal__n_invoke_update_header_state_11; + } + } + /* UNREACHABLE */; +@@ -2338,7 +2378,7 @@ + return s_n_llhttp__internal__n_header_field_5; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_invoke_update_header_state_10; ++ goto s_n_llhttp__internal__n_invoke_update_header_state_11; + } + } + /* UNREACHABLE */; +@@ -2363,7 +2403,7 @@ + return s_n_llhttp__internal__n_header_field_6; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_invoke_update_header_state_10; ++ goto s_n_llhttp__internal__n_invoke_update_header_state_11; + } + } + /* UNREACHABLE */; +@@ -2388,7 +2428,7 @@ + return s_n_llhttp__internal__n_header_field_7; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_invoke_update_header_state_10; ++ goto s_n_llhttp__internal__n_invoke_update_header_state_11; + } + } + /* UNREACHABLE */; +@@ -2417,7 +2457,7 @@ + goto s_n_llhttp__internal__n_header_field_7; + } + default: { +- goto s_n_llhttp__internal__n_invoke_update_header_state_10; ++ goto s_n_llhttp__internal__n_invoke_update_header_state_11; + } + } + /* UNREACHABLE */; +@@ -2508,7 +2548,7 @@ + goto s_n_llhttp__internal__n_url_to_http_09; + } + default: { +- goto s_n_llhttp__internal__n_error_29; ++ goto s_n_llhttp__internal__n_error_32; + } + } + /* UNREACHABLE */; +@@ -2533,7 +2573,7 @@ + goto s_n_llhttp__internal__n_url_skip_lf_to_http09_1; + } + default: { +- goto s_n_llhttp__internal__n_error_29; ++ goto s_n_llhttp__internal__n_error_32; + } + } + /* UNREACHABLE */; +@@ -2550,7 +2590,7 @@ + goto s_n_llhttp__internal__n_header_field_start; + } + default: { +- goto s_n_llhttp__internal__n_error_30; ++ goto s_n_llhttp__internal__n_error_33; + } + } + /* UNREACHABLE */; +@@ -2571,7 +2611,7 @@ + goto s_n_llhttp__internal__n_req_http_end_1; + } + default: { +- goto s_n_llhttp__internal__n_error_30; ++ goto s_n_llhttp__internal__n_error_33; + } + } + /* UNREACHABLE */; +@@ -2634,7 +2674,7 @@ + goto s_n_llhttp__internal__n_invoke_store_http_minor; + } + default: { +- goto s_n_llhttp__internal__n_error_31; ++ goto s_n_llhttp__internal__n_error_34; + } + } + /* UNREACHABLE */; +@@ -2651,7 +2691,7 @@ + goto s_n_llhttp__internal__n_req_http_minor; + } + default: { +- goto s_n_llhttp__internal__n_error_32; ++ goto s_n_llhttp__internal__n_error_35; + } + } + /* UNREACHABLE */; +@@ -2714,7 +2754,7 @@ + goto s_n_llhttp__internal__n_invoke_store_http_major; + } + default: { +- goto s_n_llhttp__internal__n_error_33; ++ goto s_n_llhttp__internal__n_error_36; + } + } + /* UNREACHABLE */; +@@ -2738,7 +2778,7 @@ + return s_n_llhttp__internal__n_req_http_start_1; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_35; ++ goto s_n_llhttp__internal__n_error_38; + } + } + /* UNREACHABLE */; +@@ -2762,7 +2802,7 @@ + return s_n_llhttp__internal__n_req_http_start_2; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_35; ++ goto s_n_llhttp__internal__n_error_38; + } + } + /* UNREACHABLE */; +@@ -2787,7 +2827,7 @@ + goto s_n_llhttp__internal__n_req_http_start_2; + } + default: { +- goto s_n_llhttp__internal__n_error_35; ++ goto s_n_llhttp__internal__n_error_38; + } + } + /* UNREACHABLE */; +@@ -2878,7 +2918,7 @@ + goto s_n_llhttp__internal__n_url_fragment; + } + default: { +- goto s_n_llhttp__internal__n_error_36; ++ goto s_n_llhttp__internal__n_error_39; + } + } + /* UNREACHABLE */; +@@ -2939,7 +2979,7 @@ + goto s_n_llhttp__internal__n_span_end_stub_query_3; + } + default: { +- goto s_n_llhttp__internal__n_error_37; ++ goto s_n_llhttp__internal__n_error_40; + } + } + /* UNREACHABLE */; +@@ -2977,7 +3017,7 @@ + goto s_n_llhttp__internal__n_url_query; + } + default: { +- goto s_n_llhttp__internal__n_error_38; ++ goto s_n_llhttp__internal__n_error_41; + } + } + /* UNREACHABLE */; +@@ -3102,10 +3142,10 @@ + } + case 8: { + p++; +- goto s_n_llhttp__internal__n_error_39; ++ goto s_n_llhttp__internal__n_error_42; + } + default: { +- goto s_n_llhttp__internal__n_error_40; ++ goto s_n_llhttp__internal__n_error_43; + } + } + /* UNREACHABLE */; +@@ -3164,7 +3204,7 @@ + goto s_n_llhttp__internal__n_url_server_with_at; + } + default: { +- goto s_n_llhttp__internal__n_error_41; ++ goto s_n_llhttp__internal__n_error_44; + } + } + /* UNREACHABLE */; +@@ -3181,7 +3221,7 @@ + goto s_n_llhttp__internal__n_url_server; + } + default: { +- goto s_n_llhttp__internal__n_error_43; ++ goto s_n_llhttp__internal__n_error_46; + } + } + /* UNREACHABLE */; +@@ -3199,7 +3239,7 @@ + } + case 10: { + p++; +- goto s_n_llhttp__internal__n_error_42; ++ goto s_n_llhttp__internal__n_error_45; + } + case 12: { + p++; +@@ -3207,18 +3247,18 @@ + } + case 13: { + p++; +- goto s_n_llhttp__internal__n_error_42; ++ goto s_n_llhttp__internal__n_error_45; + } + case ' ': { + p++; +- goto s_n_llhttp__internal__n_error_42; ++ goto s_n_llhttp__internal__n_error_45; + } + case '/': { + p++; + goto s_n_llhttp__internal__n_url_schema_delim_1; + } + default: { +- goto s_n_llhttp__internal__n_error_43; ++ goto s_n_llhttp__internal__n_error_46; + } + } + /* UNREACHABLE */; +@@ -3264,7 +3304,7 @@ + } + case 2: { + p++; +- goto s_n_llhttp__internal__n_error_42; ++ goto s_n_llhttp__internal__n_error_45; + } + case 3: { + goto s_n_llhttp__internal__n_span_end_stub_schema; +@@ -3274,7 +3314,7 @@ + goto s_n_llhttp__internal__n_url_schema; + } + default: { +- goto s_n_llhttp__internal__n_error_44; ++ goto s_n_llhttp__internal__n_error_47; + } + } + /* UNREACHABLE */; +@@ -3310,7 +3350,7 @@ + } + case 2: { + p++; +- goto s_n_llhttp__internal__n_error_42; ++ goto s_n_llhttp__internal__n_error_45; + } + case 3: { + goto s_n_llhttp__internal__n_span_start_stub_path_2; +@@ -3319,7 +3359,7 @@ + goto s_n_llhttp__internal__n_url_schema; + } + default: { +- goto s_n_llhttp__internal__n_error_45; ++ goto s_n_llhttp__internal__n_error_48; + } + } + /* UNREACHABLE */; +@@ -3417,7 +3457,7 @@ + goto s_n_llhttp__internal__n_req_spaces_before_url; + } + default: { +- goto s_n_llhttp__internal__n_error_46; ++ goto s_n_llhttp__internal__n_error_49; + } + } + /* UNREACHABLE */; +@@ -3442,7 +3482,7 @@ + return s_n_llhttp__internal__n_start_req_1; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -3467,7 +3507,7 @@ + return s_n_llhttp__internal__n_start_req_2; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -3492,7 +3532,7 @@ + return s_n_llhttp__internal__n_start_req_4; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -3517,7 +3557,7 @@ + return s_n_llhttp__internal__n_start_req_6; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -3535,7 +3575,7 @@ + goto s_n_llhttp__internal__n_invoke_store_method_1; + } + default: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -3556,7 +3596,7 @@ + goto s_n_llhttp__internal__n_start_req_7; + } + default: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -3577,7 +3617,7 @@ + goto s_n_llhttp__internal__n_start_req_5; + } + default: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -3602,7 +3642,7 @@ + return s_n_llhttp__internal__n_start_req_8; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -3627,7 +3667,7 @@ + return s_n_llhttp__internal__n_start_req_9; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -3652,7 +3692,7 @@ + return s_n_llhttp__internal__n_start_req_10; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -3677,7 +3717,7 @@ + return s_n_llhttp__internal__n_start_req_12; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -3702,7 +3742,7 @@ + return s_n_llhttp__internal__n_start_req_13; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -3723,7 +3763,7 @@ + goto s_n_llhttp__internal__n_start_req_13; + } + default: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -3748,7 +3788,7 @@ + return s_n_llhttp__internal__n_start_req_15; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -3773,7 +3813,7 @@ + return s_n_llhttp__internal__n_start_req_16; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -3798,7 +3838,7 @@ + return s_n_llhttp__internal__n_start_req_18; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -3823,7 +3863,7 @@ + return s_n_llhttp__internal__n_start_req_20; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -3841,7 +3881,7 @@ + goto s_n_llhttp__internal__n_invoke_store_method_1; + } + default: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -3862,7 +3902,7 @@ + goto s_n_llhttp__internal__n_start_req_21; + } + default: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -3883,7 +3923,7 @@ + goto s_n_llhttp__internal__n_start_req_19; + } + default: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -3908,7 +3948,7 @@ + return s_n_llhttp__internal__n_start_req_22; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -3937,7 +3977,7 @@ + goto s_n_llhttp__internal__n_start_req_22; + } + default: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -3962,7 +4002,7 @@ + return s_n_llhttp__internal__n_start_req_23; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -3987,7 +4027,7 @@ + return s_n_llhttp__internal__n_start_req_24; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -4012,7 +4052,7 @@ + return s_n_llhttp__internal__n_start_req_26; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -4037,7 +4077,7 @@ + return s_n_llhttp__internal__n_start_req_27; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -4062,7 +4102,7 @@ + return s_n_llhttp__internal__n_start_req_31; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -4087,7 +4127,7 @@ + return s_n_llhttp__internal__n_start_req_32; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -4108,7 +4148,7 @@ + goto s_n_llhttp__internal__n_start_req_32; + } + default: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -4125,7 +4165,7 @@ + goto s_n_llhttp__internal__n_start_req_30; + } + default: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -4147,7 +4187,7 @@ + goto s_n_llhttp__internal__n_start_req_29; + } + default: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -4172,7 +4212,7 @@ + return s_n_llhttp__internal__n_start_req_34; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -4194,7 +4234,7 @@ + goto s_n_llhttp__internal__n_invoke_store_method_1; + } + default: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -4223,7 +4263,7 @@ + goto s_n_llhttp__internal__n_start_req_33; + } + default: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -4248,7 +4288,7 @@ + return s_n_llhttp__internal__n_start_req_37; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -4273,7 +4313,7 @@ + return s_n_llhttp__internal__n_start_req_38; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -4294,7 +4334,7 @@ + goto s_n_llhttp__internal__n_start_req_38; + } + default: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -4311,7 +4351,7 @@ + goto s_n_llhttp__internal__n_start_req_36; + } + default: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -4336,7 +4376,7 @@ + return s_n_llhttp__internal__n_start_req_40; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -4361,7 +4401,7 @@ + return s_n_llhttp__internal__n_start_req_41; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -4386,7 +4426,7 @@ + return s_n_llhttp__internal__n_start_req_42; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -4411,7 +4451,7 @@ + goto s_n_llhttp__internal__n_start_req_42; + } + default: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -4436,7 +4476,7 @@ + return s_n_llhttp__internal__n_start_req_43; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -4461,7 +4501,7 @@ + return s_n_llhttp__internal__n_start_req_46; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -4486,7 +4526,7 @@ + return s_n_llhttp__internal__n_start_req_48; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -4511,7 +4551,7 @@ + return s_n_llhttp__internal__n_start_req_49; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -4532,7 +4572,7 @@ + goto s_n_llhttp__internal__n_start_req_49; + } + default: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -4557,7 +4597,7 @@ + return s_n_llhttp__internal__n_start_req_50; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -4582,7 +4622,7 @@ + goto s_n_llhttp__internal__n_start_req_50; + } + default: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -4599,7 +4639,7 @@ + goto s_n_llhttp__internal__n_start_req_45; + } + default: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -4672,7 +4712,7 @@ + goto s_n_llhttp__internal__n_start_req_44; + } + default: { +- goto s_n_llhttp__internal__n_error_55; ++ goto s_n_llhttp__internal__n_error_58; + } + } + /* UNREACHABLE */; +@@ -4689,7 +4729,7 @@ + goto s_n_llhttp__internal__n_header_field_start; + } + default: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -4764,7 +4804,7 @@ + goto s_n_llhttp__internal__n_res_status_start; + } + default: { +- goto s_n_llhttp__internal__n_error_49; ++ goto s_n_llhttp__internal__n_error_52; + } + } + /* UNREACHABLE */; +@@ -4844,7 +4884,7 @@ + goto s_n_llhttp__internal__n_invoke_update_status_code; + } + default: { +- goto s_n_llhttp__internal__n_error_50; ++ goto s_n_llhttp__internal__n_error_53; + } + } + /* UNREACHABLE */; +@@ -4907,7 +4947,7 @@ + goto s_n_llhttp__internal__n_invoke_store_http_minor_1; + } + default: { +- goto s_n_llhttp__internal__n_error_51; ++ goto s_n_llhttp__internal__n_error_54; + } + } + /* UNREACHABLE */; +@@ -4924,7 +4964,7 @@ + goto s_n_llhttp__internal__n_res_http_minor; + } + default: { +- goto s_n_llhttp__internal__n_error_52; ++ goto s_n_llhttp__internal__n_error_55; + } + } + /* UNREACHABLE */; +@@ -4987,7 +5027,7 @@ + goto s_n_llhttp__internal__n_invoke_store_http_major_1; + } + default: { +- goto s_n_llhttp__internal__n_error_53; ++ goto s_n_llhttp__internal__n_error_56; + } + } + /* UNREACHABLE */; +@@ -5011,7 +5051,7 @@ + return s_n_llhttp__internal__n_start_res; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_56; ++ goto s_n_llhttp__internal__n_error_59; + } + } + /* UNREACHABLE */; +@@ -5036,7 +5076,7 @@ + return s_n_llhttp__internal__n_req_or_res_method_2; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_54; ++ goto s_n_llhttp__internal__n_error_57; + } + } + /* UNREACHABLE */; +@@ -5060,7 +5100,7 @@ + return s_n_llhttp__internal__n_req_or_res_method_3; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_54; ++ goto s_n_llhttp__internal__n_error_57; + } + } + /* UNREACHABLE */; +@@ -5081,7 +5121,7 @@ + goto s_n_llhttp__internal__n_req_or_res_method_3; + } + default: { +- goto s_n_llhttp__internal__n_error_54; ++ goto s_n_llhttp__internal__n_error_57; + } + } + /* UNREACHABLE */; +@@ -5098,7 +5138,7 @@ + goto s_n_llhttp__internal__n_req_or_res_method_1; + } + default: { +- goto s_n_llhttp__internal__n_error_54; ++ goto s_n_llhttp__internal__n_error_57; + } + } + /* UNREACHABLE */; +@@ -5167,7 +5207,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_42: { ++ s_n_llhttp__internal__n_error_45: { + state->error = 0x7; + state->reason = "Invalid characters in url"; + state->error_pos = (const char*) p; +@@ -5655,7 +5695,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_21: { ++ s_n_llhttp__internal__n_error_22: { + state->error = 0xb; + state->reason = "Empty Content-Length"; + state->error_pos = (const char*) p; +@@ -5740,14 +5780,33 @@ + s_n_llhttp__internal__n_invoke_load_header_state: { + switch (llhttp__internal__c_load_header_state(state, p, endp)) { + case 2: +- goto s_n_llhttp__internal__n_error_21; ++ goto s_n_llhttp__internal__n_error_22; + default: + goto s_n_llhttp__internal__n_invoke_load_header_state_1; + } + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_22: { ++ s_n_llhttp__internal__n_error_21: { ++ state->error = 0xa; ++ state->reason = "Invalid header value char"; ++ state->error_pos = (const char*) p; ++ state->_current = (void*) (intptr_t) s_error; ++ return s_error; ++ /* UNREACHABLE */; ++ abort(); ++ } ++ s_n_llhttp__internal__n_invoke_test_flags_5: { ++ switch (llhttp__internal__c_test_flags_2(state, p, endp)) { ++ case 1: ++ goto s_n_llhttp__internal__n_header_value_discard_lws; ++ default: ++ goto s_n_llhttp__internal__n_error_21; ++ } ++ /* UNREACHABLE */; ++ abort(); ++ } ++ s_n_llhttp__internal__n_error_23: { + state->error = 0x2; + state->reason = "Expected LF after CR"; + state->error_pos = (const char*) p; +@@ -5757,6 +5816,24 @@ + abort(); + } + s_n_llhttp__internal__n_invoke_update_header_state_1: { ++ switch (llhttp__internal__c_update_header_state_1(state, p, endp)) { ++ default: ++ goto s_n_llhttp__internal__n_span_start_llhttp__on_header_value_1; ++ } ++ /* UNREACHABLE */; ++ abort(); ++ } ++ s_n_llhttp__internal__n_invoke_load_header_state_3: { ++ switch (llhttp__internal__c_load_header_state(state, p, endp)) { ++ case 8: ++ goto s_n_llhttp__internal__n_invoke_update_header_state_1; ++ default: ++ goto s_n_llhttp__internal__n_span_start_llhttp__on_header_value_1; ++ } ++ /* UNREACHABLE */; ++ abort(); ++ } ++ s_n_llhttp__internal__n_invoke_update_header_state_2: { + switch (llhttp__internal__c_update_header_state(state, p, endp)) { + default: + goto s_n_llhttp__internal__n_header_field_start; +@@ -5767,7 +5844,7 @@ + s_n_llhttp__internal__n_invoke_or_flags_7: { + switch (llhttp__internal__c_or_flags_3(state, p, endp)) { + default: +- goto s_n_llhttp__internal__n_invoke_update_header_state_1; ++ goto s_n_llhttp__internal__n_invoke_update_header_state_2; + } + /* UNREACHABLE */; + abort(); +@@ -5775,7 +5852,7 @@ + s_n_llhttp__internal__n_invoke_or_flags_8: { + switch (llhttp__internal__c_or_flags_4(state, p, endp)) { + default: +- goto s_n_llhttp__internal__n_invoke_update_header_state_1; ++ goto s_n_llhttp__internal__n_invoke_update_header_state_2; + } + /* UNREACHABLE */; + abort(); +@@ -5783,7 +5860,7 @@ + s_n_llhttp__internal__n_invoke_or_flags_9: { + switch (llhttp__internal__c_or_flags_5(state, p, endp)) { + default: +- goto s_n_llhttp__internal__n_invoke_update_header_state_1; ++ goto s_n_llhttp__internal__n_invoke_update_header_state_2; + } + /* UNREACHABLE */; + abort(); +@@ -5796,7 +5873,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_invoke_load_header_state_3: { ++ s_n_llhttp__internal__n_invoke_load_header_state_4: { + switch (llhttp__internal__c_load_header_state(state, p, endp)) { + case 5: + goto s_n_llhttp__internal__n_invoke_or_flags_7; +@@ -5812,7 +5889,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_23: { ++ s_n_llhttp__internal__n_error_24: { + state->error = 0x3; + state->reason = "Missing expected LF after header value"; + state->error_pos = (const char*) p; +@@ -5830,6 +5907,24 @@ + err = llhttp__on_header_value(state, start, p); + if (err != 0) { + state->error = err; ++ state->error_pos = (const char*) (p + 1); ++ state->_current = (void*) (intptr_t) s_n_llhttp__internal__n_header_value_almost_done; ++ return s_error; ++ } ++ p++; ++ goto s_n_llhttp__internal__n_header_value_almost_done; ++ /* UNREACHABLE */; ++ abort(); ++ } ++ s_n_llhttp__internal__n_span_end_llhttp__on_header_value_3: { ++ const unsigned char* start; ++ int err; ++ ++ start = state->_span_pos0; ++ state->_span_pos0 = NULL; ++ err = llhttp__on_header_value(state, start, p); ++ if (err != 0) { ++ state->error = err; + state->error_pos = (const char*) p; + state->_current = (void*) (intptr_t) s_n_llhttp__internal__n_header_value_almost_done; + return s_error; +@@ -5838,7 +5933,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_span_end_llhttp__on_header_value_2: { ++ s_n_llhttp__internal__n_span_end_llhttp__on_header_value_4: { + const unsigned char* start; + int err; + +@@ -5856,7 +5951,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_span_end_llhttp__on_header_value_3: { ++ s_n_llhttp__internal__n_span_end_llhttp__on_header_value_2: { + const unsigned char* start; + int err; + +@@ -5865,35 +5960,25 @@ + err = llhttp__on_header_value(state, start, p); + if (err != 0) { + state->error = err; +- state->error_pos = (const char*) (p + 1); +- state->_current = (void*) (intptr_t) s_n_llhttp__internal__n_header_value_almost_done; ++ state->error_pos = (const char*) p; ++ state->_current = (void*) (intptr_t) s_n_llhttp__internal__n_error_25; + return s_error; + } +- p++; +- goto s_n_llhttp__internal__n_header_value_almost_done; +- /* UNREACHABLE */; +- abort(); +- } +- s_n_llhttp__internal__n_error_24: { +- state->error = 0xa; +- state->reason = "Invalid header value char"; +- state->error_pos = (const char*) p; +- state->_current = (void*) (intptr_t) s_error; +- return s_error; ++ goto s_n_llhttp__internal__n_error_25; + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_invoke_test_flags_5: { ++ s_n_llhttp__internal__n_invoke_test_flags_6: { + switch (llhttp__internal__c_test_flags_2(state, p, endp)) { + case 1: + goto s_n_llhttp__internal__n_header_value_lenient; + default: +- goto s_n_llhttp__internal__n_error_24; ++ goto s_n_llhttp__internal__n_span_end_llhttp__on_header_value_2; + } + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_invoke_update_header_state_3: { ++ s_n_llhttp__internal__n_invoke_update_header_state_4: { + switch (llhttp__internal__c_update_header_state(state, p, endp)) { + default: + goto s_n_llhttp__internal__n_header_value_connection; +@@ -5904,7 +5989,7 @@ + s_n_llhttp__internal__n_invoke_or_flags_11: { + switch (llhttp__internal__c_or_flags_3(state, p, endp)) { + default: +- goto s_n_llhttp__internal__n_invoke_update_header_state_3; ++ goto s_n_llhttp__internal__n_invoke_update_header_state_4; + } + /* UNREACHABLE */; + abort(); +@@ -5912,7 +5997,7 @@ + s_n_llhttp__internal__n_invoke_or_flags_12: { + switch (llhttp__internal__c_or_flags_4(state, p, endp)) { + default: +- goto s_n_llhttp__internal__n_invoke_update_header_state_3; ++ goto s_n_llhttp__internal__n_invoke_update_header_state_4; + } + /* UNREACHABLE */; + abort(); +@@ -5920,7 +6005,7 @@ + s_n_llhttp__internal__n_invoke_or_flags_13: { + switch (llhttp__internal__c_or_flags_5(state, p, endp)) { + default: +- goto s_n_llhttp__internal__n_invoke_update_header_state_3; ++ goto s_n_llhttp__internal__n_invoke_update_header_state_4; + } + /* UNREACHABLE */; + abort(); +@@ -5933,7 +6018,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_invoke_load_header_state_4: { ++ s_n_llhttp__internal__n_invoke_load_header_state_5: { + switch (llhttp__internal__c_load_header_state(state, p, endp)) { + case 5: + goto s_n_llhttp__internal__n_invoke_or_flags_11; +@@ -5949,39 +6034,39 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_invoke_update_header_state_4: { +- switch (llhttp__internal__c_update_header_state_4(state, p, endp)) { ++ s_n_llhttp__internal__n_invoke_update_header_state_5: { ++ switch (llhttp__internal__c_update_header_state_1(state, p, endp)) { + default: + goto s_n_llhttp__internal__n_header_value_connection_token; + } + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_invoke_update_header_state_2: { +- switch (llhttp__internal__c_update_header_state_2(state, p, endp)) { ++ s_n_llhttp__internal__n_invoke_update_header_state_3: { ++ switch (llhttp__internal__c_update_header_state_3(state, p, endp)) { + default: + goto s_n_llhttp__internal__n_header_value_connection_ws; + } + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_invoke_update_header_state_5: { +- switch (llhttp__internal__c_update_header_state_5(state, p, endp)) { ++ s_n_llhttp__internal__n_invoke_update_header_state_6: { ++ switch (llhttp__internal__c_update_header_state_6(state, p, endp)) { + default: + goto s_n_llhttp__internal__n_header_value_connection_ws; + } + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_invoke_update_header_state_6: { +- switch (llhttp__internal__c_update_header_state_6(state, p, endp)) { ++ s_n_llhttp__internal__n_invoke_update_header_state_7: { ++ switch (llhttp__internal__c_update_header_state_7(state, p, endp)) { + default: + goto s_n_llhttp__internal__n_header_value_connection_ws; + } + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_span_end_llhttp__on_header_value_4: { ++ s_n_llhttp__internal__n_span_end_llhttp__on_header_value_5: { + const unsigned char* start; + int err; + +@@ -5991,17 +6076,17 @@ + if (err != 0) { + state->error = err; + state->error_pos = (const char*) p; +- state->_current = (void*) (intptr_t) s_n_llhttp__internal__n_error_26; ++ state->_current = (void*) (intptr_t) s_n_llhttp__internal__n_error_27; + return s_error; + } +- goto s_n_llhttp__internal__n_error_26; ++ goto s_n_llhttp__internal__n_error_27; + /* UNREACHABLE */; + abort(); + } + s_n_llhttp__internal__n_invoke_mul_add_content_length_1: { + switch (llhttp__internal__c_mul_add_content_length_1(state, p, endp, match)) { + case 1: +- goto s_n_llhttp__internal__n_span_end_llhttp__on_header_value_4; ++ goto s_n_llhttp__internal__n_span_end_llhttp__on_header_value_5; + default: + goto s_n_llhttp__internal__n_header_value_content_length; + } +@@ -6016,7 +6101,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_span_end_llhttp__on_header_value_5: { ++ s_n_llhttp__internal__n_span_end_llhttp__on_header_value_6: { + const unsigned char* start; + int err; + +@@ -6026,14 +6111,14 @@ + if (err != 0) { + state->error = err; + state->error_pos = (const char*) p; +- state->_current = (void*) (intptr_t) s_n_llhttp__internal__n_error_27; ++ state->_current = (void*) (intptr_t) s_n_llhttp__internal__n_error_28; + return s_error; + } +- goto s_n_llhttp__internal__n_error_27; ++ goto s_n_llhttp__internal__n_error_28; + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_25: { ++ s_n_llhttp__internal__n_error_26: { + state->error = 0x4; + state->reason = "Duplicate Content-Length"; + state->error_pos = (const char*) p; +@@ -6042,26 +6127,82 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_invoke_test_flags_6: { +- switch (llhttp__internal__c_test_flags_6(state, p, endp)) { ++ s_n_llhttp__internal__n_invoke_test_flags_7: { ++ switch (llhttp__internal__c_test_flags_7(state, p, endp)) { + case 0: + goto s_n_llhttp__internal__n_header_value_content_length; + default: +- goto s_n_llhttp__internal__n_error_25; ++ goto s_n_llhttp__internal__n_error_26; + } + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_invoke_update_header_state_7: { +- switch (llhttp__internal__c_update_header_state_7(state, p, endp)) { ++ s_n_llhttp__internal__n_span_end_llhttp__on_header_value_8: { ++ const unsigned char* start; ++ int err; ++ ++ start = state->_span_pos0; ++ state->_span_pos0 = NULL; ++ err = llhttp__on_header_value(state, start, p); ++ if (err != 0) { ++ state->error = err; ++ state->error_pos = (const char*) (p + 1); ++ state->_current = (void*) (intptr_t) s_n_llhttp__internal__n_error_30; ++ return s_error; ++ } ++ p++; ++ goto s_n_llhttp__internal__n_error_30; ++ /* UNREACHABLE */; ++ abort(); ++ } ++ s_n_llhttp__internal__n_invoke_update_header_state_8: { ++ switch (llhttp__internal__c_update_header_state_8(state, p, endp)) { + default: + goto s_n_llhttp__internal__n_header_value_otherwise; + } + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_invoke_update_header_state_8: { +- switch (llhttp__internal__c_update_header_state_4(state, p, endp)) { ++ s_n_llhttp__internal__n_span_end_llhttp__on_header_value_7: { ++ const unsigned char* start; ++ int err; ++ ++ start = state->_span_pos0; ++ state->_span_pos0 = NULL; ++ err = llhttp__on_header_value(state, start, p); ++ if (err != 0) { ++ state->error = err; ++ state->error_pos = (const char*) (p + 1); ++ state->_current = (void*) (intptr_t) s_n_llhttp__internal__n_error_29; ++ return s_error; ++ } ++ p++; ++ goto s_n_llhttp__internal__n_error_29; ++ /* UNREACHABLE */; ++ abort(); ++ } ++ s_n_llhttp__internal__n_invoke_test_flags_9: { ++ switch (llhttp__internal__c_test_flags_2(state, p, endp)) { ++ case 0: ++ goto s_n_llhttp__internal__n_span_end_llhttp__on_header_value_7; ++ default: ++ goto s_n_llhttp__internal__n_header_value_te_chunked; ++ } ++ /* UNREACHABLE */; ++ abort(); ++ } ++ s_n_llhttp__internal__n_invoke_load_type_1: { ++ switch (llhttp__internal__c_load_type(state, p, endp)) { ++ case 1: ++ goto s_n_llhttp__internal__n_invoke_test_flags_9; ++ default: ++ goto s_n_llhttp__internal__n_header_value_te_chunked; ++ } ++ /* UNREACHABLE */; ++ abort(); ++ } ++ s_n_llhttp__internal__n_invoke_update_header_state_9: { ++ switch (llhttp__internal__c_update_header_state_1(state, p, endp)) { + default: + goto s_n_llhttp__internal__n_header_value; + } +@@ -6076,6 +6217,34 @@ + /* UNREACHABLE */; + abort(); + } ++ s_n_llhttp__internal__n_invoke_or_flags_17: { ++ switch (llhttp__internal__c_or_flags_16(state, p, endp)) { ++ default: ++ goto s_n_llhttp__internal__n_invoke_and_flags; ++ } ++ /* UNREACHABLE */; ++ abort(); ++ } ++ s_n_llhttp__internal__n_invoke_test_flags_10: { ++ switch (llhttp__internal__c_test_flags_2(state, p, endp)) { ++ case 0: ++ goto s_n_llhttp__internal__n_span_end_llhttp__on_header_value_8; ++ default: ++ goto s_n_llhttp__internal__n_invoke_or_flags_17; ++ } ++ /* UNREACHABLE */; ++ abort(); ++ } ++ s_n_llhttp__internal__n_invoke_load_type_2: { ++ switch (llhttp__internal__c_load_type(state, p, endp)) { ++ case 1: ++ goto s_n_llhttp__internal__n_invoke_test_flags_10; ++ default: ++ goto s_n_llhttp__internal__n_invoke_or_flags_17; ++ } ++ /* UNREACHABLE */; ++ abort(); ++ } + s_n_llhttp__internal__n_invoke_or_flags_16: { + switch (llhttp__internal__c_or_flags_16(state, p, endp)) { + default: +@@ -6084,10 +6253,20 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_invoke_or_flags_17: { +- switch (llhttp__internal__c_or_flags_17(state, p, endp)) { ++ s_n_llhttp__internal__n_invoke_test_flags_8: { ++ switch (llhttp__internal__c_test_flags_8(state, p, endp)) { ++ case 1: ++ goto s_n_llhttp__internal__n_invoke_load_type_2; + default: +- goto s_n_llhttp__internal__n_invoke_update_header_state_8; ++ goto s_n_llhttp__internal__n_invoke_or_flags_16; ++ } ++ /* UNREACHABLE */; ++ abort(); ++ } ++ s_n_llhttp__internal__n_invoke_or_flags_18: { ++ switch (llhttp__internal__c_or_flags_18(state, p, endp)) { ++ default: ++ goto s_n_llhttp__internal__n_invoke_update_header_state_9; + } + /* UNREACHABLE */; + abort(); +@@ -6097,11 +6276,11 @@ + case 1: + goto s_n_llhttp__internal__n_header_value_connection; + case 2: +- goto s_n_llhttp__internal__n_invoke_test_flags_6; ++ goto s_n_llhttp__internal__n_invoke_test_flags_7; + case 3: +- goto s_n_llhttp__internal__n_invoke_or_flags_16; ++ goto s_n_llhttp__internal__n_invoke_test_flags_8; + case 4: +- goto s_n_llhttp__internal__n_invoke_or_flags_17; ++ goto s_n_llhttp__internal__n_invoke_or_flags_18; + default: + goto s_n_llhttp__internal__n_header_value; + } +@@ -6144,7 +6323,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_28: { ++ s_n_llhttp__internal__n_error_31: { + state->error = 0xa; + state->reason = "Invalid header token"; + state->error_pos = (const char*) p; +@@ -6153,8 +6332,8 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_invoke_update_header_state_9: { +- switch (llhttp__internal__c_update_header_state_4(state, p, endp)) { ++ s_n_llhttp__internal__n_invoke_update_header_state_10: { ++ switch (llhttp__internal__c_update_header_state_1(state, p, endp)) { + default: + goto s_n_llhttp__internal__n_header_field_general; + } +@@ -6169,8 +6348,8 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_invoke_update_header_state_10: { +- switch (llhttp__internal__c_update_header_state_4(state, p, endp)) { ++ s_n_llhttp__internal__n_invoke_update_header_state_11: { ++ switch (llhttp__internal__c_update_header_state_1(state, p, endp)) { + default: + goto s_n_llhttp__internal__n_header_field_general; + } +@@ -6210,7 +6389,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_29: { ++ s_n_llhttp__internal__n_error_32: { + state->error = 0x7; + state->reason = "Expected CRLF"; + state->error_pos = (const char*) p; +@@ -6236,7 +6415,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_30: { ++ s_n_llhttp__internal__n_error_33: { + state->error = 0x9; + state->reason = "Expected CRLF after version"; + state->error_pos = (const char*) p; +@@ -6253,7 +6432,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_31: { ++ s_n_llhttp__internal__n_error_34: { + state->error = 0x9; + state->reason = "Invalid minor version"; + state->error_pos = (const char*) p; +@@ -6262,7 +6441,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_32: { ++ s_n_llhttp__internal__n_error_35: { + state->error = 0x9; + state->reason = "Expected dot"; + state->error_pos = (const char*) p; +@@ -6279,7 +6458,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_33: { ++ s_n_llhttp__internal__n_error_36: { + state->error = 0x9; + state->reason = "Invalid major version"; + state->error_pos = (const char*) p; +@@ -6288,7 +6467,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_35: { ++ s_n_llhttp__internal__n_error_38: { + state->error = 0x8; + state->reason = "Expected HTTP/"; + state->error_pos = (const char*) p; +@@ -6297,7 +6476,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_34: { ++ s_n_llhttp__internal__n_error_37: { + state->error = 0x8; + state->reason = "Expected SOURCE method for ICE/x.x request"; + state->error_pos = (const char*) p; +@@ -6309,7 +6488,7 @@ + s_n_llhttp__internal__n_invoke_is_equal_method_1: { + switch (llhttp__internal__c_is_equal_method_1(state, p, endp)) { + case 0: +- goto s_n_llhttp__internal__n_error_34; ++ goto s_n_llhttp__internal__n_error_37; + default: + goto s_n_llhttp__internal__n_req_http_major; + } +@@ -6384,7 +6563,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_36: { ++ s_n_llhttp__internal__n_error_39: { + state->error = 0x7; + state->reason = "Invalid char in url fragment start"; + state->error_pos = (const char*) p; +@@ -6444,7 +6623,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_37: { ++ s_n_llhttp__internal__n_error_40: { + state->error = 0x7; + state->reason = "Invalid char in url query"; + state->error_pos = (const char*) p; +@@ -6453,7 +6632,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_38: { ++ s_n_llhttp__internal__n_error_41: { + state->error = 0x7; + state->reason = "Invalid char in url path"; + state->error_pos = (const char*) p; +@@ -6564,7 +6743,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_39: { ++ s_n_llhttp__internal__n_error_42: { + state->error = 0x7; + state->reason = "Double @ in url"; + state->error_pos = (const char*) p; +@@ -6573,7 +6752,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_40: { ++ s_n_llhttp__internal__n_error_43: { + state->error = 0x7; + state->reason = "Unexpected char in url server"; + state->error_pos = (const char*) p; +@@ -6582,7 +6761,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_41: { ++ s_n_llhttp__internal__n_error_44: { + state->error = 0x7; + state->reason = "Unexpected char in url server"; + state->error_pos = (const char*) p; +@@ -6591,7 +6770,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_43: { ++ s_n_llhttp__internal__n_error_46: { + state->error = 0x7; + state->reason = "Unexpected char in url schema"; + state->error_pos = (const char*) p; +@@ -6600,7 +6779,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_44: { ++ s_n_llhttp__internal__n_error_47: { + state->error = 0x7; + state->reason = "Unexpected char in url schema"; + state->error_pos = (const char*) p; +@@ -6609,7 +6788,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_45: { ++ s_n_llhttp__internal__n_error_48: { + state->error = 0x7; + state->reason = "Unexpected start char in url"; + state->error_pos = (const char*) p; +@@ -6628,7 +6807,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_46: { ++ s_n_llhttp__internal__n_error_49: { + state->error = 0x6; + state->reason = "Expected space after method"; + state->error_pos = (const char*) p; +@@ -6645,7 +6824,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_55: { ++ s_n_llhttp__internal__n_error_58: { + state->error = 0x6; + state->reason = "Invalid method encountered"; + state->error_pos = (const char*) p; +@@ -6654,7 +6833,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_47: { ++ s_n_llhttp__internal__n_error_50: { + state->error = 0xd; + state->reason = "Response overflow"; + state->error_pos = (const char*) p; +@@ -6666,14 +6845,14 @@ + s_n_llhttp__internal__n_invoke_mul_add_status_code: { + switch (llhttp__internal__c_mul_add_status_code(state, p, endp, match)) { + case 1: +- goto s_n_llhttp__internal__n_error_47; ++ goto s_n_llhttp__internal__n_error_50; + default: + goto s_n_llhttp__internal__n_res_status_code; + } + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_48: { ++ s_n_llhttp__internal__n_error_51: { + state->error = 0x2; + state->reason = "Expected LF after CR"; + state->error_pos = (const char*) p; +@@ -6718,7 +6897,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_49: { ++ s_n_llhttp__internal__n_error_52: { + state->error = 0xd; + state->reason = "Invalid response status"; + state->error_pos = (const char*) p; +@@ -6735,7 +6914,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_50: { ++ s_n_llhttp__internal__n_error_53: { + state->error = 0x9; + state->reason = "Expected space after version"; + state->error_pos = (const char*) p; +@@ -6752,7 +6931,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_51: { ++ s_n_llhttp__internal__n_error_54: { + state->error = 0x9; + state->reason = "Invalid minor version"; + state->error_pos = (const char*) p; +@@ -6761,7 +6940,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_52: { ++ s_n_llhttp__internal__n_error_55: { + state->error = 0x9; + state->reason = "Expected dot"; + state->error_pos = (const char*) p; +@@ -6778,7 +6957,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_53: { ++ s_n_llhttp__internal__n_error_56: { + state->error = 0x9; + state->reason = "Invalid major version"; + state->error_pos = (const char*) p; +@@ -6787,7 +6966,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_56: { ++ s_n_llhttp__internal__n_error_59: { + state->error = 0x8; + state->reason = "Expected HTTP/"; + state->error_pos = (const char*) p; +@@ -6812,7 +6991,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_54: { ++ s_n_llhttp__internal__n_error_57: { + state->error = 0x8; + state->reason = "Invalid word encountered"; + state->error_pos = (const char*) p; +@@ -7244,6 +7423,7 @@ + s_n_llhttp__internal__n_header_value_lws, + s_n_llhttp__internal__n_header_value_almost_done, + s_n_llhttp__internal__n_header_value_lenient, ++ s_n_llhttp__internal__n_error_19, + s_n_llhttp__internal__n_header_value_otherwise, + s_n_llhttp__internal__n_header_value_connection_token, + s_n_llhttp__internal__n_header_value_connection_ws, +@@ -7251,14 +7431,16 @@ + s_n_llhttp__internal__n_header_value_connection_2, + s_n_llhttp__internal__n_header_value_connection_3, + s_n_llhttp__internal__n_header_value_connection, +- s_n_llhttp__internal__n_error_20, + s_n_llhttp__internal__n_error_21, ++ s_n_llhttp__internal__n_error_22, + s_n_llhttp__internal__n_header_value_content_length_ws, + s_n_llhttp__internal__n_header_value_content_length, +- s_n_llhttp__internal__n_header_value_te_chunked_last, ++ s_n_llhttp__internal__n_error_24, ++ s_n_llhttp__internal__n_error_23, + s_n_llhttp__internal__n_header_value_te_token_ows, + s_n_llhttp__internal__n_header_value, + s_n_llhttp__internal__n_header_value_te_token, ++ s_n_llhttp__internal__n_header_value_te_chunked_last, + s_n_llhttp__internal__n_header_value_te_chunked, + s_n_llhttp__internal__n_span_start_llhttp__on_header_value_1, + s_n_llhttp__internal__n_header_value_discard_ws, +@@ -7648,7 +7830,7 @@ + return 0; + } + +-int llhttp__internal__c_update_header_state_2( ++int llhttp__internal__c_update_header_state_3( + llhttp__internal_t* state, + const unsigned char* p, + const unsigned char* endp) { +@@ -7656,7 +7838,7 @@ + return 0; + } + +-int llhttp__internal__c_update_header_state_4( ++int llhttp__internal__c_update_header_state_1( + llhttp__internal_t* state, + const unsigned char* p, + const unsigned char* endp) { +@@ -7664,7 +7846,7 @@ + return 0; + } + +-int llhttp__internal__c_update_header_state_5( ++int llhttp__internal__c_update_header_state_6( + llhttp__internal_t* state, + const unsigned char* p, + const unsigned char* endp) { +@@ -7672,7 +7854,7 @@ + return 0; + } + +-int llhttp__internal__c_update_header_state_6( ++int llhttp__internal__c_update_header_state_7( + llhttp__internal_t* state, + const unsigned char* p, + const unsigned char* endp) { +@@ -7680,7 +7862,7 @@ + return 0; + } + +-int llhttp__internal__c_test_flags_6( ++int llhttp__internal__c_test_flags_7( + llhttp__internal_t* state, + const unsigned char* p, + const unsigned char* endp) { +@@ -7721,6 +7903,13 @@ + return 0; + } + ++int llhttp__internal__c_test_flags_8( ++ llhttp__internal_t* state, ++ const unsigned char* p, ++ const unsigned char* endp) { ++ return (state->flags & 8) == 8; ++} ++ + int llhttp__internal__c_or_flags_16( + llhttp__internal_t* state, + const unsigned char* p, +@@ -7737,7 +7926,7 @@ + return 0; + } + +-int llhttp__internal__c_update_header_state_7( ++int llhttp__internal__c_update_header_state_8( + llhttp__internal_t* state, + const unsigned char* p, + const unsigned char* endp) { +@@ -7745,7 +7934,7 @@ + return 0; + } + +-int llhttp__internal__c_or_flags_17( ++int llhttp__internal__c_or_flags_18( + llhttp__internal_t* state, + const unsigned char* p, + const unsigned char* endp) { +@@ -8432,13 +8621,13 @@ + } + switch (*p) { + case 9: { +- goto s_n_llhttp__internal__n_span_start_llhttp__on_header_value_1; ++ goto s_n_llhttp__internal__n_invoke_load_header_state_3; + } + case ' ': { +- goto s_n_llhttp__internal__n_span_start_llhttp__on_header_value_1; ++ goto s_n_llhttp__internal__n_invoke_load_header_state_3; + } + default: { +- goto s_n_llhttp__internal__n_invoke_load_header_state_3; ++ goto s_n_llhttp__internal__n_invoke_load_header_state_4; + } + } + /* UNREACHABLE */; +@@ -8455,7 +8644,7 @@ + goto s_n_llhttp__internal__n_header_value_lws; + } + default: { +- goto s_n_llhttp__internal__n_error_17; ++ goto s_n_llhttp__internal__n_error_18; + } + } + /* UNREACHABLE */; +@@ -8468,10 +8657,10 @@ + } + switch (*p) { + case 10: { +- goto s_n_llhttp__internal__n_span_end_llhttp__on_header_value_1; ++ goto s_n_llhttp__internal__n_span_end_llhttp__on_header_value_3; + } + case 13: { +- goto s_n_llhttp__internal__n_span_end_llhttp__on_header_value_3; ++ goto s_n_llhttp__internal__n_span_end_llhttp__on_header_value_4; + } + default: { + p++; +@@ -8481,20 +8670,27 @@ + /* UNREACHABLE */; + abort(); + } ++ case s_n_llhttp__internal__n_error_19: ++ s_n_llhttp__internal__n_error_19: { ++ state->error = 0xa; ++ state->reason = "Invalid header value char"; ++ state->error_pos = (const char*) p; ++ state->_current = (void*) (intptr_t) s_error; ++ return s_error; ++ /* UNREACHABLE */; ++ abort(); ++ } + case s_n_llhttp__internal__n_header_value_otherwise: + s_n_llhttp__internal__n_header_value_otherwise: { + if (p == endp) { + return s_n_llhttp__internal__n_header_value_otherwise; + } + switch (*p) { +- case 10: { +- goto s_n_llhttp__internal__n_span_end_llhttp__on_header_value_1; +- } + case 13: { +- goto s_n_llhttp__internal__n_span_end_llhttp__on_header_value_2; ++ goto s_n_llhttp__internal__n_span_end_llhttp__on_header_value_1; + } + default: { +- goto s_n_llhttp__internal__n_invoke_test_flags_5; ++ goto s_n_llhttp__internal__n_invoke_test_flags_6; + } + } + /* UNREACHABLE */; +@@ -8557,10 +8753,10 @@ + } + case ',': { + p++; +- goto s_n_llhttp__internal__n_invoke_load_header_state_4; ++ goto s_n_llhttp__internal__n_invoke_load_header_state_5; + } + default: { +- goto s_n_llhttp__internal__n_invoke_update_header_state_4; ++ goto s_n_llhttp__internal__n_invoke_update_header_state_5; + } + } + /* UNREACHABLE */; +@@ -8578,7 +8774,7 @@ + switch (match_seq.status) { + case kMatchComplete: { + p++; +- goto s_n_llhttp__internal__n_invoke_update_header_state_2; ++ goto s_n_llhttp__internal__n_invoke_update_header_state_3; + } + case kMatchPause: { + return s_n_llhttp__internal__n_header_value_connection_1; +@@ -8602,7 +8798,7 @@ + switch (match_seq.status) { + case kMatchComplete: { + p++; +- goto s_n_llhttp__internal__n_invoke_update_header_state_5; ++ goto s_n_llhttp__internal__n_invoke_update_header_state_6; + } + case kMatchPause: { + return s_n_llhttp__internal__n_header_value_connection_2; +@@ -8626,7 +8822,7 @@ + switch (match_seq.status) { + case kMatchComplete: { + p++; +- goto s_n_llhttp__internal__n_invoke_update_header_state_6; ++ goto s_n_llhttp__internal__n_invoke_update_header_state_7; + } + case kMatchPause: { + return s_n_llhttp__internal__n_header_value_connection_3; +@@ -8671,8 +8867,8 @@ + /* UNREACHABLE */; + abort(); + } +- case s_n_llhttp__internal__n_error_20: +- s_n_llhttp__internal__n_error_20: { ++ case s_n_llhttp__internal__n_error_21: ++ s_n_llhttp__internal__n_error_21: { + state->error = 0xb; + state->reason = "Content-Length overflow"; + state->error_pos = (const char*) p; +@@ -8681,8 +8877,8 @@ + /* UNREACHABLE */; + abort(); + } +- case s_n_llhttp__internal__n_error_21: +- s_n_llhttp__internal__n_error_21: { ++ case s_n_llhttp__internal__n_error_22: ++ s_n_llhttp__internal__n_error_22: { + state->error = 0xb; + state->reason = "Invalid character in Content-Length"; + state->error_pos = (const char*) p; +@@ -8708,7 +8904,7 @@ + goto s_n_llhttp__internal__n_header_value_content_length_ws; + } + default: { +- goto s_n_llhttp__internal__n_span_end_llhttp__on_header_value_5; ++ goto s_n_llhttp__internal__n_span_end_llhttp__on_header_value_6; + } + } + /* UNREACHABLE */; +@@ -8777,26 +8973,23 @@ + /* UNREACHABLE */; + abort(); + } +- case s_n_llhttp__internal__n_header_value_te_chunked_last: +- s_n_llhttp__internal__n_header_value_te_chunked_last: { +- if (p == endp) { +- return s_n_llhttp__internal__n_header_value_te_chunked_last; +- } +- switch (*p) { +- case 10: { +- goto s_n_llhttp__internal__n_invoke_update_header_state_7; +- } +- case 13: { +- goto s_n_llhttp__internal__n_invoke_update_header_state_7; +- } +- case ' ': { +- p++; +- goto s_n_llhttp__internal__n_header_value_te_chunked_last; +- } +- default: { +- goto s_n_llhttp__internal__n_header_value_te_chunked; +- } +- } ++ case s_n_llhttp__internal__n_error_24: ++ s_n_llhttp__internal__n_error_24: { ++ state->error = 0xf; ++ state->reason = "Invalid `Transfer-Encoding` header value"; ++ state->error_pos = (const char*) p; ++ state->_current = (void*) (intptr_t) s_error; ++ return s_error; ++ /* UNREACHABLE */; ++ abort(); ++ } ++ case s_n_llhttp__internal__n_error_23: ++ s_n_llhttp__internal__n_error_23: { ++ state->error = 0xf; ++ state->reason = "Invalid `Transfer-Encoding` header value"; ++ state->error_pos = (const char*) p; ++ state->_current = (void*) (intptr_t) s_error; ++ return s_error; + /* UNREACHABLE */; + abort(); + } +@@ -8913,8 +9106,34 @@ + goto s_n_llhttp__internal__n_header_value_te_token_ows; + } + default: { ++ goto s_n_llhttp__internal__n_invoke_update_header_state_9; ++ } ++ } ++ /* UNREACHABLE */; ++ abort(); ++ } ++ case s_n_llhttp__internal__n_header_value_te_chunked_last: ++ s_n_llhttp__internal__n_header_value_te_chunked_last: { ++ if (p == endp) { ++ return s_n_llhttp__internal__n_header_value_te_chunked_last; ++ } ++ switch (*p) { ++ case 10: { + goto s_n_llhttp__internal__n_invoke_update_header_state_8; + } ++ case 13: { ++ goto s_n_llhttp__internal__n_invoke_update_header_state_8; ++ } ++ case ' ': { ++ p++; ++ goto s_n_llhttp__internal__n_header_value_te_chunked_last; ++ } ++ case ',': { ++ goto s_n_llhttp__internal__n_invoke_load_type_1; ++ } ++ default: { ++ goto s_n_llhttp__internal__n_header_value_te_token; ++ } + } + /* UNREACHABLE */; + abort(); +@@ -8966,7 +9185,7 @@ + } + case 10: { + p++; +- goto s_n_llhttp__internal__n_header_value_discard_lws; ++ goto s_n_llhttp__internal__n_invoke_test_flags_5; + } + case 13: { + p++; +@@ -8993,7 +9212,7 @@ + goto s_n_llhttp__internal__n_span_end_llhttp__on_header_field_2; + } + default: { +- goto s_n_llhttp__internal__n_error_22; ++ goto s_n_llhttp__internal__n_error_25; + } + } + /* UNREACHABLE */; +@@ -9083,7 +9302,7 @@ + goto s_n_llhttp__internal__n_span_end_llhttp__on_header_field_1; + } + default: { +- goto s_n_llhttp__internal__n_invoke_update_header_state_9; ++ goto s_n_llhttp__internal__n_invoke_update_header_state_10; + } + } + /* UNREACHABLE */; +@@ -9108,7 +9327,7 @@ + return s_n_llhttp__internal__n_header_field_3; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_invoke_update_header_state_10; ++ goto s_n_llhttp__internal__n_invoke_update_header_state_11; + } + } + /* UNREACHABLE */; +@@ -9133,7 +9352,7 @@ + return s_n_llhttp__internal__n_header_field_4; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_invoke_update_header_state_10; ++ goto s_n_llhttp__internal__n_invoke_update_header_state_11; + } + } + /* UNREACHABLE */; +@@ -9154,7 +9373,7 @@ + goto s_n_llhttp__internal__n_header_field_4; + } + default: { +- goto s_n_llhttp__internal__n_invoke_update_header_state_10; ++ goto s_n_llhttp__internal__n_invoke_update_header_state_11; + } + } + /* UNREACHABLE */; +@@ -9178,7 +9397,7 @@ + return s_n_llhttp__internal__n_header_field_1; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_invoke_update_header_state_10; ++ goto s_n_llhttp__internal__n_invoke_update_header_state_11; + } + } + /* UNREACHABLE */; +@@ -9203,7 +9422,7 @@ + return s_n_llhttp__internal__n_header_field_5; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_invoke_update_header_state_10; ++ goto s_n_llhttp__internal__n_invoke_update_header_state_11; + } + } + /* UNREACHABLE */; +@@ -9228,7 +9447,7 @@ + return s_n_llhttp__internal__n_header_field_6; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_invoke_update_header_state_10; ++ goto s_n_llhttp__internal__n_invoke_update_header_state_11; + } + } + /* UNREACHABLE */; +@@ -9253,7 +9472,7 @@ + return s_n_llhttp__internal__n_header_field_7; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_invoke_update_header_state_10; ++ goto s_n_llhttp__internal__n_invoke_update_header_state_11; + } + } + /* UNREACHABLE */; +@@ -9282,7 +9501,7 @@ + goto s_n_llhttp__internal__n_header_field_7; + } + default: { +- goto s_n_llhttp__internal__n_invoke_update_header_state_10; ++ goto s_n_llhttp__internal__n_invoke_update_header_state_11; + } + } + /* UNREACHABLE */; +@@ -9347,7 +9566,7 @@ + return s_n_llhttp__internal__n_url_skip_lf_to_http09; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_23; ++ goto s_n_llhttp__internal__n_error_26; + } + } + /* UNREACHABLE */; +@@ -9364,7 +9583,7 @@ + goto s_n_llhttp__internal__n_header_field_start; + } + default: { +- goto s_n_llhttp__internal__n_error_24; ++ goto s_n_llhttp__internal__n_error_27; + } + } + /* UNREACHABLE */; +@@ -9385,7 +9604,7 @@ + goto s_n_llhttp__internal__n_req_http_end_1; + } + default: { +- goto s_n_llhttp__internal__n_error_24; ++ goto s_n_llhttp__internal__n_error_27; + } + } + /* UNREACHABLE */; +@@ -9448,7 +9667,7 @@ + goto s_n_llhttp__internal__n_invoke_store_http_minor; + } + default: { +- goto s_n_llhttp__internal__n_error_25; ++ goto s_n_llhttp__internal__n_error_28; + } + } + /* UNREACHABLE */; +@@ -9465,7 +9684,7 @@ + goto s_n_llhttp__internal__n_req_http_minor; + } + default: { +- goto s_n_llhttp__internal__n_error_26; ++ goto s_n_llhttp__internal__n_error_29; + } + } + /* UNREACHABLE */; +@@ -9528,7 +9747,7 @@ + goto s_n_llhttp__internal__n_invoke_store_http_major; + } + default: { +- goto s_n_llhttp__internal__n_error_27; ++ goto s_n_llhttp__internal__n_error_30; + } + } + /* UNREACHABLE */; +@@ -9552,7 +9771,7 @@ + return s_n_llhttp__internal__n_req_http_start_1; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_29; ++ goto s_n_llhttp__internal__n_error_32; + } + } + /* UNREACHABLE */; +@@ -9576,7 +9795,7 @@ + return s_n_llhttp__internal__n_req_http_start_2; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_29; ++ goto s_n_llhttp__internal__n_error_32; + } + } + /* UNREACHABLE */; +@@ -9601,7 +9820,7 @@ + goto s_n_llhttp__internal__n_req_http_start_2; + } + default: { +- goto s_n_llhttp__internal__n_error_29; ++ goto s_n_llhttp__internal__n_error_32; + } + } + /* UNREACHABLE */; +@@ -9655,7 +9874,7 @@ + goto s_n_llhttp__internal__n_span_end_llhttp__on_url_8; + } + default: { +- goto s_n_llhttp__internal__n_error_30; ++ goto s_n_llhttp__internal__n_error_33; + } + } + /* UNREACHABLE */; +@@ -9712,7 +9931,7 @@ + goto s_n_llhttp__internal__n_span_end_stub_query_3; + } + default: { +- goto s_n_llhttp__internal__n_error_31; ++ goto s_n_llhttp__internal__n_error_34; + } + } + /* UNREACHABLE */; +@@ -9742,7 +9961,7 @@ + goto s_n_llhttp__internal__n_url_query; + } + default: { +- goto s_n_llhttp__internal__n_error_32; ++ goto s_n_llhttp__internal__n_error_35; + } + } + /* UNREACHABLE */; +@@ -9883,10 +10102,10 @@ + } + case 7: { + p++; +- goto s_n_llhttp__internal__n_error_33; ++ goto s_n_llhttp__internal__n_error_36; + } + default: { +- goto s_n_llhttp__internal__n_error_34; ++ goto s_n_llhttp__internal__n_error_37; + } + } + /* UNREACHABLE */; +@@ -9941,7 +10160,7 @@ + goto s_n_llhttp__internal__n_url_server_with_at; + } + default: { +- goto s_n_llhttp__internal__n_error_35; ++ goto s_n_llhttp__internal__n_error_38; + } + } + /* UNREACHABLE */; +@@ -9958,7 +10177,7 @@ + goto s_n_llhttp__internal__n_url_server; + } + default: { +- goto s_n_llhttp__internal__n_error_37; ++ goto s_n_llhttp__internal__n_error_40; + } + } + /* UNREACHABLE */; +@@ -9972,22 +10191,22 @@ + switch (*p) { + case 10: { + p++; +- goto s_n_llhttp__internal__n_error_36; ++ goto s_n_llhttp__internal__n_error_39; + } + case 13: { + p++; +- goto s_n_llhttp__internal__n_error_36; ++ goto s_n_llhttp__internal__n_error_39; + } + case ' ': { + p++; +- goto s_n_llhttp__internal__n_error_36; ++ goto s_n_llhttp__internal__n_error_39; + } + case '/': { + p++; + goto s_n_llhttp__internal__n_url_schema_delim_1; + } + default: { +- goto s_n_llhttp__internal__n_error_37; ++ goto s_n_llhttp__internal__n_error_40; + } + } + /* UNREACHABLE */; +@@ -10029,7 +10248,7 @@ + switch (lookup_table[(uint8_t) *p]) { + case 1: { + p++; +- goto s_n_llhttp__internal__n_error_36; ++ goto s_n_llhttp__internal__n_error_39; + } + case 2: { + goto s_n_llhttp__internal__n_span_end_stub_schema; +@@ -10039,7 +10258,7 @@ + goto s_n_llhttp__internal__n_url_schema; + } + default: { +- goto s_n_llhttp__internal__n_error_38; ++ goto s_n_llhttp__internal__n_error_41; + } + } + /* UNREACHABLE */; +@@ -10071,7 +10290,7 @@ + switch (lookup_table[(uint8_t) *p]) { + case 1: { + p++; +- goto s_n_llhttp__internal__n_error_36; ++ goto s_n_llhttp__internal__n_error_39; + } + case 2: { + goto s_n_llhttp__internal__n_span_start_stub_path_2; +@@ -10080,7 +10299,7 @@ + goto s_n_llhttp__internal__n_url_schema; + } + default: { +- goto s_n_llhttp__internal__n_error_39; ++ goto s_n_llhttp__internal__n_error_42; + } + } + /* UNREACHABLE */; +@@ -10136,7 +10355,7 @@ + goto s_n_llhttp__internal__n_req_spaces_before_url; + } + default: { +- goto s_n_llhttp__internal__n_error_40; ++ goto s_n_llhttp__internal__n_error_43; + } + } + /* UNREACHABLE */; +@@ -10161,7 +10380,7 @@ + return s_n_llhttp__internal__n_start_req_1; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -10186,7 +10405,7 @@ + return s_n_llhttp__internal__n_start_req_2; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -10211,7 +10430,7 @@ + return s_n_llhttp__internal__n_start_req_4; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -10236,7 +10455,7 @@ + return s_n_llhttp__internal__n_start_req_6; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -10254,7 +10473,7 @@ + goto s_n_llhttp__internal__n_invoke_store_method_1; + } + default: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -10275,7 +10494,7 @@ + goto s_n_llhttp__internal__n_start_req_7; + } + default: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -10296,7 +10515,7 @@ + goto s_n_llhttp__internal__n_start_req_5; + } + default: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -10321,7 +10540,7 @@ + return s_n_llhttp__internal__n_start_req_8; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -10346,7 +10565,7 @@ + return s_n_llhttp__internal__n_start_req_9; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -10371,7 +10590,7 @@ + return s_n_llhttp__internal__n_start_req_10; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -10396,7 +10615,7 @@ + return s_n_llhttp__internal__n_start_req_12; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -10421,7 +10640,7 @@ + return s_n_llhttp__internal__n_start_req_13; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -10442,7 +10661,7 @@ + goto s_n_llhttp__internal__n_start_req_13; + } + default: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -10467,7 +10686,7 @@ + return s_n_llhttp__internal__n_start_req_15; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -10492,7 +10711,7 @@ + return s_n_llhttp__internal__n_start_req_16; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -10517,7 +10736,7 @@ + return s_n_llhttp__internal__n_start_req_18; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -10542,7 +10761,7 @@ + return s_n_llhttp__internal__n_start_req_20; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -10560,7 +10779,7 @@ + goto s_n_llhttp__internal__n_invoke_store_method_1; + } + default: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -10581,7 +10800,7 @@ + goto s_n_llhttp__internal__n_start_req_21; + } + default: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -10602,7 +10821,7 @@ + goto s_n_llhttp__internal__n_start_req_19; + } + default: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -10627,7 +10846,7 @@ + return s_n_llhttp__internal__n_start_req_22; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -10656,7 +10875,7 @@ + goto s_n_llhttp__internal__n_start_req_22; + } + default: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -10681,7 +10900,7 @@ + return s_n_llhttp__internal__n_start_req_23; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -10706,7 +10925,7 @@ + return s_n_llhttp__internal__n_start_req_24; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -10731,7 +10950,7 @@ + return s_n_llhttp__internal__n_start_req_26; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -10756,7 +10975,7 @@ + return s_n_llhttp__internal__n_start_req_27; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -10781,7 +11000,7 @@ + return s_n_llhttp__internal__n_start_req_31; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -10806,7 +11025,7 @@ + return s_n_llhttp__internal__n_start_req_32; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -10827,7 +11046,7 @@ + goto s_n_llhttp__internal__n_start_req_32; + } + default: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -10844,7 +11063,7 @@ + goto s_n_llhttp__internal__n_start_req_30; + } + default: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -10866,7 +11085,7 @@ + goto s_n_llhttp__internal__n_start_req_29; + } + default: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -10891,7 +11110,7 @@ + return s_n_llhttp__internal__n_start_req_34; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -10913,7 +11132,7 @@ + goto s_n_llhttp__internal__n_invoke_store_method_1; + } + default: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -10942,7 +11161,7 @@ + goto s_n_llhttp__internal__n_start_req_33; + } + default: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -10967,7 +11186,7 @@ + return s_n_llhttp__internal__n_start_req_37; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -10992,7 +11211,7 @@ + return s_n_llhttp__internal__n_start_req_38; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -11013,7 +11232,7 @@ + goto s_n_llhttp__internal__n_start_req_38; + } + default: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -11030,7 +11249,7 @@ + goto s_n_llhttp__internal__n_start_req_36; + } + default: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -11055,7 +11274,7 @@ + return s_n_llhttp__internal__n_start_req_40; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -11080,7 +11299,7 @@ + return s_n_llhttp__internal__n_start_req_41; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -11105,7 +11324,7 @@ + return s_n_llhttp__internal__n_start_req_42; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -11130,7 +11349,7 @@ + goto s_n_llhttp__internal__n_start_req_42; + } + default: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -11155,7 +11374,7 @@ + return s_n_llhttp__internal__n_start_req_43; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -11180,7 +11399,7 @@ + return s_n_llhttp__internal__n_start_req_46; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -11205,7 +11424,7 @@ + return s_n_llhttp__internal__n_start_req_48; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -11230,7 +11449,7 @@ + return s_n_llhttp__internal__n_start_req_49; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -11251,7 +11470,7 @@ + goto s_n_llhttp__internal__n_start_req_49; + } + default: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -11276,7 +11495,7 @@ + return s_n_llhttp__internal__n_start_req_50; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -11301,7 +11520,7 @@ + goto s_n_llhttp__internal__n_start_req_50; + } + default: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -11318,7 +11537,7 @@ + goto s_n_llhttp__internal__n_start_req_45; + } + default: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -11391,7 +11610,7 @@ + goto s_n_llhttp__internal__n_start_req_44; + } + default: { +- goto s_n_llhttp__internal__n_error_48; ++ goto s_n_llhttp__internal__n_error_51; + } + } + /* UNREACHABLE */; +@@ -11476,7 +11695,7 @@ + goto s_n_llhttp__internal__n_res_status_start; + } + default: { +- goto s_n_llhttp__internal__n_error_42; ++ goto s_n_llhttp__internal__n_error_45; + } + } + /* UNREACHABLE */; +@@ -11556,7 +11775,7 @@ + goto s_n_llhttp__internal__n_invoke_update_status_code; + } + default: { +- goto s_n_llhttp__internal__n_error_43; ++ goto s_n_llhttp__internal__n_error_46; + } + } + /* UNREACHABLE */; +@@ -11619,7 +11838,7 @@ + goto s_n_llhttp__internal__n_invoke_store_http_minor_1; + } + default: { +- goto s_n_llhttp__internal__n_error_44; ++ goto s_n_llhttp__internal__n_error_47; + } + } + /* UNREACHABLE */; +@@ -11636,7 +11855,7 @@ + goto s_n_llhttp__internal__n_res_http_minor; + } + default: { +- goto s_n_llhttp__internal__n_error_45; ++ goto s_n_llhttp__internal__n_error_48; + } + } + /* UNREACHABLE */; +@@ -11699,7 +11918,7 @@ + goto s_n_llhttp__internal__n_invoke_store_http_major_1; + } + default: { +- goto s_n_llhttp__internal__n_error_46; ++ goto s_n_llhttp__internal__n_error_49; + } + } + /* UNREACHABLE */; +@@ -11723,7 +11942,7 @@ + return s_n_llhttp__internal__n_start_res; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_49; ++ goto s_n_llhttp__internal__n_error_52; + } + } + /* UNREACHABLE */; +@@ -11748,7 +11967,7 @@ + return s_n_llhttp__internal__n_req_or_res_method_2; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_47; ++ goto s_n_llhttp__internal__n_error_50; + } + } + /* UNREACHABLE */; +@@ -11772,7 +11991,7 @@ + return s_n_llhttp__internal__n_req_or_res_method_3; + } + case kMatchMismatch: { +- goto s_n_llhttp__internal__n_error_47; ++ goto s_n_llhttp__internal__n_error_50; + } + } + /* UNREACHABLE */; +@@ -11793,7 +12012,7 @@ + goto s_n_llhttp__internal__n_req_or_res_method_3; + } + default: { +- goto s_n_llhttp__internal__n_error_47; ++ goto s_n_llhttp__internal__n_error_50; + } + } + /* UNREACHABLE */; +@@ -11810,7 +12029,7 @@ + goto s_n_llhttp__internal__n_req_or_res_method_1; + } + default: { +- goto s_n_llhttp__internal__n_error_47; ++ goto s_n_llhttp__internal__n_error_50; + } + } + /* UNREACHABLE */; +@@ -11870,7 +12089,7 @@ + /* UNREACHABLE */ + abort(); + } +- s_n_llhttp__internal__n_error_36: { ++ s_n_llhttp__internal__n_error_39: { + state->error = 0x7; + state->reason = "Invalid characters in url"; + state->error_pos = (const char*) p; +@@ -12314,7 +12533,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_16: { ++ s_n_llhttp__internal__n_error_17: { + state->error = 0xb; + state->reason = "Empty Content-Length"; + state->error_pos = (const char*) p; +@@ -12399,14 +12618,51 @@ + s_n_llhttp__internal__n_invoke_load_header_state: { + switch (llhttp__internal__c_load_header_state(state, p, endp)) { + case 2: +- goto s_n_llhttp__internal__n_error_16; ++ goto s_n_llhttp__internal__n_error_17; + default: + goto s_n_llhttp__internal__n_invoke_load_header_state_1; + } + /* UNREACHABLE */; + abort(); + } ++ s_n_llhttp__internal__n_error_16: { ++ state->error = 0xa; ++ state->reason = "Invalid header value char"; ++ state->error_pos = (const char*) p; ++ state->_current = (void*) (intptr_t) s_error; ++ return s_error; ++ /* UNREACHABLE */; ++ abort(); ++ } ++ s_n_llhttp__internal__n_invoke_test_flags_5: { ++ switch (llhttp__internal__c_test_flags_2(state, p, endp)) { ++ case 1: ++ goto s_n_llhttp__internal__n_header_value_discard_lws; ++ default: ++ goto s_n_llhttp__internal__n_error_16; ++ } ++ /* UNREACHABLE */; ++ abort(); ++ } + s_n_llhttp__internal__n_invoke_update_header_state_1: { ++ switch (llhttp__internal__c_update_header_state_1(state, p, endp)) { ++ default: ++ goto s_n_llhttp__internal__n_span_start_llhttp__on_header_value_1; ++ } ++ /* UNREACHABLE */; ++ abort(); ++ } ++ s_n_llhttp__internal__n_invoke_load_header_state_3: { ++ switch (llhttp__internal__c_load_header_state(state, p, endp)) { ++ case 8: ++ goto s_n_llhttp__internal__n_invoke_update_header_state_1; ++ default: ++ goto s_n_llhttp__internal__n_span_start_llhttp__on_header_value_1; ++ } ++ /* UNREACHABLE */; ++ abort(); ++ } ++ s_n_llhttp__internal__n_invoke_update_header_state_2: { + switch (llhttp__internal__c_update_header_state(state, p, endp)) { + default: + goto s_n_llhttp__internal__n_header_field_start; +@@ -12417,7 +12673,7 @@ + s_n_llhttp__internal__n_invoke_or_flags_7: { + switch (llhttp__internal__c_or_flags_3(state, p, endp)) { + default: +- goto s_n_llhttp__internal__n_invoke_update_header_state_1; ++ goto s_n_llhttp__internal__n_invoke_update_header_state_2; + } + /* UNREACHABLE */; + abort(); +@@ -12425,7 +12681,7 @@ + s_n_llhttp__internal__n_invoke_or_flags_8: { + switch (llhttp__internal__c_or_flags_4(state, p, endp)) { + default: +- goto s_n_llhttp__internal__n_invoke_update_header_state_1; ++ goto s_n_llhttp__internal__n_invoke_update_header_state_2; + } + /* UNREACHABLE */; + abort(); +@@ -12433,7 +12689,7 @@ + s_n_llhttp__internal__n_invoke_or_flags_9: { + switch (llhttp__internal__c_or_flags_5(state, p, endp)) { + default: +- goto s_n_llhttp__internal__n_invoke_update_header_state_1; ++ goto s_n_llhttp__internal__n_invoke_update_header_state_2; + } + /* UNREACHABLE */; + abort(); +@@ -12446,7 +12702,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_invoke_load_header_state_3: { ++ s_n_llhttp__internal__n_invoke_load_header_state_4: { + switch (llhttp__internal__c_load_header_state(state, p, endp)) { + case 5: + goto s_n_llhttp__internal__n_invoke_or_flags_7; +@@ -12462,7 +12718,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_17: { ++ s_n_llhttp__internal__n_error_18: { + state->error = 0x3; + state->reason = "Missing expected LF after header value"; + state->error_pos = (const char*) p; +@@ -12480,6 +12736,24 @@ + err = llhttp__on_header_value(state, start, p); + if (err != 0) { + state->error = err; ++ state->error_pos = (const char*) (p + 1); ++ state->_current = (void*) (intptr_t) s_n_llhttp__internal__n_header_value_almost_done; ++ return s_error; ++ } ++ p++; ++ goto s_n_llhttp__internal__n_header_value_almost_done; ++ /* UNREACHABLE */; ++ abort(); ++ } ++ s_n_llhttp__internal__n_span_end_llhttp__on_header_value_3: { ++ const unsigned char* start; ++ int err; ++ ++ start = state->_span_pos0; ++ state->_span_pos0 = NULL; ++ err = llhttp__on_header_value(state, start, p); ++ if (err != 0) { ++ state->error = err; + state->error_pos = (const char*) p; + state->_current = (void*) (intptr_t) s_n_llhttp__internal__n_header_value_almost_done; + return s_error; +@@ -12488,7 +12762,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_span_end_llhttp__on_header_value_2: { ++ s_n_llhttp__internal__n_span_end_llhttp__on_header_value_4: { + const unsigned char* start; + int err; + +@@ -12506,7 +12780,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_span_end_llhttp__on_header_value_3: { ++ s_n_llhttp__internal__n_span_end_llhttp__on_header_value_2: { + const unsigned char* start; + int err; + +@@ -12515,35 +12789,25 @@ + err = llhttp__on_header_value(state, start, p); + if (err != 0) { + state->error = err; +- state->error_pos = (const char*) (p + 1); +- state->_current = (void*) (intptr_t) s_n_llhttp__internal__n_header_value_almost_done; ++ state->error_pos = (const char*) p; ++ state->_current = (void*) (intptr_t) s_n_llhttp__internal__n_error_19; + return s_error; + } +- p++; +- goto s_n_llhttp__internal__n_header_value_almost_done; ++ goto s_n_llhttp__internal__n_error_19; + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_18: { +- state->error = 0xa; +- state->reason = "Invalid header value char"; +- state->error_pos = (const char*) p; +- state->_current = (void*) (intptr_t) s_error; +- return s_error; +- /* UNREACHABLE */; +- abort(); +- } +- s_n_llhttp__internal__n_invoke_test_flags_5: { ++ s_n_llhttp__internal__n_invoke_test_flags_6: { + switch (llhttp__internal__c_test_flags_2(state, p, endp)) { + case 1: + goto s_n_llhttp__internal__n_header_value_lenient; + default: +- goto s_n_llhttp__internal__n_error_18; ++ goto s_n_llhttp__internal__n_span_end_llhttp__on_header_value_2; + } + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_invoke_update_header_state_3: { ++ s_n_llhttp__internal__n_invoke_update_header_state_4: { + switch (llhttp__internal__c_update_header_state(state, p, endp)) { + default: + goto s_n_llhttp__internal__n_header_value_connection; +@@ -12554,7 +12818,7 @@ + s_n_llhttp__internal__n_invoke_or_flags_11: { + switch (llhttp__internal__c_or_flags_3(state, p, endp)) { + default: +- goto s_n_llhttp__internal__n_invoke_update_header_state_3; ++ goto s_n_llhttp__internal__n_invoke_update_header_state_4; + } + /* UNREACHABLE */; + abort(); +@@ -12562,7 +12826,7 @@ + s_n_llhttp__internal__n_invoke_or_flags_12: { + switch (llhttp__internal__c_or_flags_4(state, p, endp)) { + default: +- goto s_n_llhttp__internal__n_invoke_update_header_state_3; ++ goto s_n_llhttp__internal__n_invoke_update_header_state_4; + } + /* UNREACHABLE */; + abort(); +@@ -12570,7 +12834,7 @@ + s_n_llhttp__internal__n_invoke_or_flags_13: { + switch (llhttp__internal__c_or_flags_5(state, p, endp)) { + default: +- goto s_n_llhttp__internal__n_invoke_update_header_state_3; ++ goto s_n_llhttp__internal__n_invoke_update_header_state_4; + } + /* UNREACHABLE */; + abort(); +@@ -12583,7 +12847,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_invoke_load_header_state_4: { ++ s_n_llhttp__internal__n_invoke_load_header_state_5: { + switch (llhttp__internal__c_load_header_state(state, p, endp)) { + case 5: + goto s_n_llhttp__internal__n_invoke_or_flags_11; +@@ -12599,39 +12863,39 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_invoke_update_header_state_4: { +- switch (llhttp__internal__c_update_header_state_4(state, p, endp)) { ++ s_n_llhttp__internal__n_invoke_update_header_state_5: { ++ switch (llhttp__internal__c_update_header_state_1(state, p, endp)) { + default: + goto s_n_llhttp__internal__n_header_value_connection_token; + } + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_invoke_update_header_state_2: { +- switch (llhttp__internal__c_update_header_state_2(state, p, endp)) { ++ s_n_llhttp__internal__n_invoke_update_header_state_3: { ++ switch (llhttp__internal__c_update_header_state_3(state, p, endp)) { + default: + goto s_n_llhttp__internal__n_header_value_connection_ws; + } + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_invoke_update_header_state_5: { +- switch (llhttp__internal__c_update_header_state_5(state, p, endp)) { ++ s_n_llhttp__internal__n_invoke_update_header_state_6: { ++ switch (llhttp__internal__c_update_header_state_6(state, p, endp)) { + default: + goto s_n_llhttp__internal__n_header_value_connection_ws; + } + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_invoke_update_header_state_6: { +- switch (llhttp__internal__c_update_header_state_6(state, p, endp)) { ++ s_n_llhttp__internal__n_invoke_update_header_state_7: { ++ switch (llhttp__internal__c_update_header_state_7(state, p, endp)) { + default: + goto s_n_llhttp__internal__n_header_value_connection_ws; + } + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_span_end_llhttp__on_header_value_4: { ++ s_n_llhttp__internal__n_span_end_llhttp__on_header_value_5: { + const unsigned char* start; + int err; + +@@ -12641,17 +12905,17 @@ + if (err != 0) { + state->error = err; + state->error_pos = (const char*) p; +- state->_current = (void*) (intptr_t) s_n_llhttp__internal__n_error_20; ++ state->_current = (void*) (intptr_t) s_n_llhttp__internal__n_error_21; + return s_error; + } +- goto s_n_llhttp__internal__n_error_20; ++ goto s_n_llhttp__internal__n_error_21; + /* UNREACHABLE */; + abort(); + } + s_n_llhttp__internal__n_invoke_mul_add_content_length_1: { + switch (llhttp__internal__c_mul_add_content_length_1(state, p, endp, match)) { + case 1: +- goto s_n_llhttp__internal__n_span_end_llhttp__on_header_value_4; ++ goto s_n_llhttp__internal__n_span_end_llhttp__on_header_value_5; + default: + goto s_n_llhttp__internal__n_header_value_content_length; + } +@@ -12666,7 +12930,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_span_end_llhttp__on_header_value_5: { ++ s_n_llhttp__internal__n_span_end_llhttp__on_header_value_6: { + const unsigned char* start; + int err; + +@@ -12676,14 +12940,14 @@ + if (err != 0) { + state->error = err; + state->error_pos = (const char*) p; +- state->_current = (void*) (intptr_t) s_n_llhttp__internal__n_error_21; ++ state->_current = (void*) (intptr_t) s_n_llhttp__internal__n_error_22; + return s_error; + } +- goto s_n_llhttp__internal__n_error_21; ++ goto s_n_llhttp__internal__n_error_22; + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_19: { ++ s_n_llhttp__internal__n_error_20: { + state->error = 0x4; + state->reason = "Duplicate Content-Length"; + state->error_pos = (const char*) p; +@@ -12692,26 +12956,82 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_invoke_test_flags_6: { +- switch (llhttp__internal__c_test_flags_6(state, p, endp)) { ++ s_n_llhttp__internal__n_invoke_test_flags_7: { ++ switch (llhttp__internal__c_test_flags_7(state, p, endp)) { + case 0: + goto s_n_llhttp__internal__n_header_value_content_length; + default: +- goto s_n_llhttp__internal__n_error_19; ++ goto s_n_llhttp__internal__n_error_20; + } + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_invoke_update_header_state_7: { +- switch (llhttp__internal__c_update_header_state_7(state, p, endp)) { ++ s_n_llhttp__internal__n_span_end_llhttp__on_header_value_8: { ++ const unsigned char* start; ++ int err; ++ ++ start = state->_span_pos0; ++ state->_span_pos0 = NULL; ++ err = llhttp__on_header_value(state, start, p); ++ if (err != 0) { ++ state->error = err; ++ state->error_pos = (const char*) (p + 1); ++ state->_current = (void*) (intptr_t) s_n_llhttp__internal__n_error_24; ++ return s_error; ++ } ++ p++; ++ goto s_n_llhttp__internal__n_error_24; ++ /* UNREACHABLE */; ++ abort(); ++ } ++ s_n_llhttp__internal__n_invoke_update_header_state_8: { ++ switch (llhttp__internal__c_update_header_state_8(state, p, endp)) { + default: + goto s_n_llhttp__internal__n_header_value_otherwise; + } + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_invoke_update_header_state_8: { +- switch (llhttp__internal__c_update_header_state_4(state, p, endp)) { ++ s_n_llhttp__internal__n_span_end_llhttp__on_header_value_7: { ++ const unsigned char* start; ++ int err; ++ ++ start = state->_span_pos0; ++ state->_span_pos0 = NULL; ++ err = llhttp__on_header_value(state, start, p); ++ if (err != 0) { ++ state->error = err; ++ state->error_pos = (const char*) (p + 1); ++ state->_current = (void*) (intptr_t) s_n_llhttp__internal__n_error_23; ++ return s_error; ++ } ++ p++; ++ goto s_n_llhttp__internal__n_error_23; ++ /* UNREACHABLE */; ++ abort(); ++ } ++ s_n_llhttp__internal__n_invoke_test_flags_9: { ++ switch (llhttp__internal__c_test_flags_2(state, p, endp)) { ++ case 0: ++ goto s_n_llhttp__internal__n_span_end_llhttp__on_header_value_7; ++ default: ++ goto s_n_llhttp__internal__n_header_value_te_chunked; ++ } ++ /* UNREACHABLE */; ++ abort(); ++ } ++ s_n_llhttp__internal__n_invoke_load_type_1: { ++ switch (llhttp__internal__c_load_type(state, p, endp)) { ++ case 1: ++ goto s_n_llhttp__internal__n_invoke_test_flags_9; ++ default: ++ goto s_n_llhttp__internal__n_header_value_te_chunked; ++ } ++ /* UNREACHABLE */; ++ abort(); ++ } ++ s_n_llhttp__internal__n_invoke_update_header_state_9: { ++ switch (llhttp__internal__c_update_header_state_1(state, p, endp)) { + default: + goto s_n_llhttp__internal__n_header_value; + } +@@ -12726,6 +13046,34 @@ + /* UNREACHABLE */; + abort(); + } ++ s_n_llhttp__internal__n_invoke_or_flags_17: { ++ switch (llhttp__internal__c_or_flags_16(state, p, endp)) { ++ default: ++ goto s_n_llhttp__internal__n_invoke_and_flags; ++ } ++ /* UNREACHABLE */; ++ abort(); ++ } ++ s_n_llhttp__internal__n_invoke_test_flags_10: { ++ switch (llhttp__internal__c_test_flags_2(state, p, endp)) { ++ case 0: ++ goto s_n_llhttp__internal__n_span_end_llhttp__on_header_value_8; ++ default: ++ goto s_n_llhttp__internal__n_invoke_or_flags_17; ++ } ++ /* UNREACHABLE */; ++ abort(); ++ } ++ s_n_llhttp__internal__n_invoke_load_type_2: { ++ switch (llhttp__internal__c_load_type(state, p, endp)) { ++ case 1: ++ goto s_n_llhttp__internal__n_invoke_test_flags_10; ++ default: ++ goto s_n_llhttp__internal__n_invoke_or_flags_17; ++ } ++ /* UNREACHABLE */; ++ abort(); ++ } + s_n_llhttp__internal__n_invoke_or_flags_16: { + switch (llhttp__internal__c_or_flags_16(state, p, endp)) { + default: +@@ -12734,10 +13082,20 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_invoke_or_flags_17: { +- switch (llhttp__internal__c_or_flags_17(state, p, endp)) { ++ s_n_llhttp__internal__n_invoke_test_flags_8: { ++ switch (llhttp__internal__c_test_flags_8(state, p, endp)) { ++ case 1: ++ goto s_n_llhttp__internal__n_invoke_load_type_2; + default: +- goto s_n_llhttp__internal__n_invoke_update_header_state_8; ++ goto s_n_llhttp__internal__n_invoke_or_flags_16; ++ } ++ /* UNREACHABLE */; ++ abort(); ++ } ++ s_n_llhttp__internal__n_invoke_or_flags_18: { ++ switch (llhttp__internal__c_or_flags_18(state, p, endp)) { ++ default: ++ goto s_n_llhttp__internal__n_invoke_update_header_state_9; + } + /* UNREACHABLE */; + abort(); +@@ -12747,11 +13105,11 @@ + case 1: + goto s_n_llhttp__internal__n_header_value_connection; + case 2: +- goto s_n_llhttp__internal__n_invoke_test_flags_6; ++ goto s_n_llhttp__internal__n_invoke_test_flags_7; + case 3: +- goto s_n_llhttp__internal__n_invoke_or_flags_16; ++ goto s_n_llhttp__internal__n_invoke_test_flags_8; + case 4: +- goto s_n_llhttp__internal__n_invoke_or_flags_17; ++ goto s_n_llhttp__internal__n_invoke_or_flags_18; + default: + goto s_n_llhttp__internal__n_header_value; + } +@@ -12794,7 +13152,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_22: { ++ s_n_llhttp__internal__n_error_25: { + state->error = 0xa; + state->reason = "Invalid header token"; + state->error_pos = (const char*) p; +@@ -12803,8 +13161,8 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_invoke_update_header_state_9: { +- switch (llhttp__internal__c_update_header_state_4(state, p, endp)) { ++ s_n_llhttp__internal__n_invoke_update_header_state_10: { ++ switch (llhttp__internal__c_update_header_state_1(state, p, endp)) { + default: + goto s_n_llhttp__internal__n_header_field_general; + } +@@ -12819,8 +13177,8 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_invoke_update_header_state_10: { +- switch (llhttp__internal__c_update_header_state_4(state, p, endp)) { ++ s_n_llhttp__internal__n_invoke_update_header_state_11: { ++ switch (llhttp__internal__c_update_header_state_1(state, p, endp)) { + default: + goto s_n_llhttp__internal__n_header_field_general; + } +@@ -12860,7 +13218,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_23: { ++ s_n_llhttp__internal__n_error_26: { + state->error = 0x7; + state->reason = "Expected CRLF"; + state->error_pos = (const char*) p; +@@ -12886,7 +13244,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_24: { ++ s_n_llhttp__internal__n_error_27: { + state->error = 0x9; + state->reason = "Expected CRLF after version"; + state->error_pos = (const char*) p; +@@ -12903,7 +13261,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_25: { ++ s_n_llhttp__internal__n_error_28: { + state->error = 0x9; + state->reason = "Invalid minor version"; + state->error_pos = (const char*) p; +@@ -12912,7 +13270,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_26: { ++ s_n_llhttp__internal__n_error_29: { + state->error = 0x9; + state->reason = "Expected dot"; + state->error_pos = (const char*) p; +@@ -12929,7 +13287,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_27: { ++ s_n_llhttp__internal__n_error_30: { + state->error = 0x9; + state->reason = "Invalid major version"; + state->error_pos = (const char*) p; +@@ -12938,7 +13296,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_29: { ++ s_n_llhttp__internal__n_error_32: { + state->error = 0x8; + state->reason = "Expected HTTP/"; + state->error_pos = (const char*) p; +@@ -12947,7 +13305,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_28: { ++ s_n_llhttp__internal__n_error_31: { + state->error = 0x8; + state->reason = "Expected SOURCE method for ICE/x.x request"; + state->error_pos = (const char*) p; +@@ -12959,7 +13317,7 @@ + s_n_llhttp__internal__n_invoke_is_equal_method_1: { + switch (llhttp__internal__c_is_equal_method_1(state, p, endp)) { + case 0: +- goto s_n_llhttp__internal__n_error_28; ++ goto s_n_llhttp__internal__n_error_31; + default: + goto s_n_llhttp__internal__n_req_http_major; + } +@@ -13034,7 +13392,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_30: { ++ s_n_llhttp__internal__n_error_33: { + state->error = 0x7; + state->reason = "Invalid char in url fragment start"; + state->error_pos = (const char*) p; +@@ -13094,7 +13452,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_31: { ++ s_n_llhttp__internal__n_error_34: { + state->error = 0x7; + state->reason = "Invalid char in url query"; + state->error_pos = (const char*) p; +@@ -13103,7 +13461,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_32: { ++ s_n_llhttp__internal__n_error_35: { + state->error = 0x7; + state->reason = "Invalid char in url path"; + state->error_pos = (const char*) p; +@@ -13214,7 +13572,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_33: { ++ s_n_llhttp__internal__n_error_36: { + state->error = 0x7; + state->reason = "Double @ in url"; + state->error_pos = (const char*) p; +@@ -13223,7 +13581,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_34: { ++ s_n_llhttp__internal__n_error_37: { + state->error = 0x7; + state->reason = "Unexpected char in url server"; + state->error_pos = (const char*) p; +@@ -13232,7 +13590,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_35: { ++ s_n_llhttp__internal__n_error_38: { + state->error = 0x7; + state->reason = "Unexpected char in url server"; + state->error_pos = (const char*) p; +@@ -13241,7 +13599,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_37: { ++ s_n_llhttp__internal__n_error_40: { + state->error = 0x7; + state->reason = "Unexpected char in url schema"; + state->error_pos = (const char*) p; +@@ -13250,7 +13608,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_38: { ++ s_n_llhttp__internal__n_error_41: { + state->error = 0x7; + state->reason = "Unexpected char in url schema"; + state->error_pos = (const char*) p; +@@ -13259,7 +13617,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_39: { ++ s_n_llhttp__internal__n_error_42: { + state->error = 0x7; + state->reason = "Unexpected start char in url"; + state->error_pos = (const char*) p; +@@ -13278,7 +13636,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_40: { ++ s_n_llhttp__internal__n_error_43: { + state->error = 0x6; + state->reason = "Expected space after method"; + state->error_pos = (const char*) p; +@@ -13295,7 +13653,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_48: { ++ s_n_llhttp__internal__n_error_51: { + state->error = 0x6; + state->reason = "Invalid method encountered"; + state->error_pos = (const char*) p; +@@ -13304,7 +13662,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_41: { ++ s_n_llhttp__internal__n_error_44: { + state->error = 0xd; + state->reason = "Response overflow"; + state->error_pos = (const char*) p; +@@ -13316,7 +13674,7 @@ + s_n_llhttp__internal__n_invoke_mul_add_status_code: { + switch (llhttp__internal__c_mul_add_status_code(state, p, endp, match)) { + case 1: +- goto s_n_llhttp__internal__n_error_41; ++ goto s_n_llhttp__internal__n_error_44; + default: + goto s_n_llhttp__internal__n_res_status_code; + } +@@ -13359,7 +13717,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_42: { ++ s_n_llhttp__internal__n_error_45: { + state->error = 0xd; + state->reason = "Invalid response status"; + state->error_pos = (const char*) p; +@@ -13376,7 +13734,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_43: { ++ s_n_llhttp__internal__n_error_46: { + state->error = 0x9; + state->reason = "Expected space after version"; + state->error_pos = (const char*) p; +@@ -13393,7 +13751,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_44: { ++ s_n_llhttp__internal__n_error_47: { + state->error = 0x9; + state->reason = "Invalid minor version"; + state->error_pos = (const char*) p; +@@ -13402,7 +13760,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_45: { ++ s_n_llhttp__internal__n_error_48: { + state->error = 0x9; + state->reason = "Expected dot"; + state->error_pos = (const char*) p; +@@ -13419,7 +13777,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_46: { ++ s_n_llhttp__internal__n_error_49: { + state->error = 0x9; + state->reason = "Invalid major version"; + state->error_pos = (const char*) p; +@@ -13428,7 +13786,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_49: { ++ s_n_llhttp__internal__n_error_52: { + state->error = 0x8; + state->reason = "Expected HTTP/"; + state->error_pos = (const char*) p; +@@ -13453,7 +13811,7 @@ + /* UNREACHABLE */; + abort(); + } +- s_n_llhttp__internal__n_error_47: { ++ s_n_llhttp__internal__n_error_50: { + state->error = 0x8; + state->reason = "Invalid word encountered"; + state->error_pos = (const char*) p; +--- nodejs-12.22.12~dfsg/test/parallel/test-http-invalid-te.js ++++ nodejs-12.22.12~dfsg/test/parallel/test-http-invalid-te.js +@@ -13,7 +13,7 @@ Content-Type: text/plain; charset=utf-8 + Host: hacker.exploit.com + Connection: keep-alive + Content-Length: 10 +-Transfer-Encoding: chunked, eee ++Transfer-Encoding: eee, chunked + + HELLOWORLDPOST / HTTP/1.1 + Content-Type: text/plain; charset=utf-8 +--- nodejs-12.22.12~dfsg/test/parallel/test-http-missing-header-separator-cr.js ++++ nodejs-12.22.12~dfsg/test/parallel/test-http-missing-header-separator-cr.js +@@ -0,0 +1,83 @@ ++'use strict'; ++ ++const common = require('../common'); ++const assert = require('assert'); ++ ++const http = require('http'); ++const net = require('net'); ++ ++function serverHandler(server, msg) { ++ const client = net.connect(server.address().port, 'localhost'); ++ ++ let response = ''; ++ ++ client.on('data', common.mustCall((chunk) => { ++ response += chunk.toString('utf-8'); ++ })); ++ ++ client.setEncoding('utf8'); ++ client.on('error', common.mustNotCall()); ++ client.on('end', common.mustCall(() => { ++ assert.strictEqual( ++ response, ++ 'HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n' ++ ); ++ server.close(); ++ })); ++ client.write(msg); ++ client.resume(); ++} ++ ++{ ++ const msg = [ ++ 'GET / HTTP/1.1', ++ 'Host: localhost', ++ 'Dummy: x\nContent-Length: 23', ++ '', ++ 'GET / HTTP/1.1', ++ 'Dummy: GET /admin HTTP/1.1', ++ 'Host: localhost', ++ '', ++ '', ++ ].join('\r\n'); ++ ++ const server = http.createServer(common.mustNotCall()); ++ ++ server.listen(0, common.mustCall(serverHandler.bind(null, server, msg))); ++} ++ ++{ ++ const msg = [ ++ 'POST / HTTP/1.1', ++ 'Host: localhost', ++ 'x:x\nTransfer-Encoding: chunked', ++ '', ++ '1', ++ 'A', ++ '0', ++ '', ++ '', ++ ].join('\r\n'); ++ ++ const server = http.createServer(common.mustNotCall()); ++ ++ server.listen(0, common.mustCall(serverHandler.bind(null, server, msg))); ++} ++ ++{ ++ const msg = [ ++ 'POST / HTTP/1.1', ++ 'Host: localhost', ++ 'x:\nTransfer-Encoding: chunked', ++ '', ++ '1', ++ 'A', ++ '0', ++ '', ++ '', ++ ].join('\r\n'); ++ ++ const server = http.createServer(common.mustNotCall()); ++ ++ server.listen(0, common.mustCall(serverHandler.bind(null, server, msg))); ++} +--- /dev/null ++++ nodejs-12.22.12~dfsg/test/parallel/test-http-transfer-encoding-repeated-chunked.js +@@ -0,0 +1,51 @@ ++'use strict'; ++ ++const common = require('../common'); ++const assert = require('assert'); ++ ++const http = require('http'); ++const net = require('net'); ++ ++const msg = [ ++ 'POST / HTTP/1.1', ++ 'Host: 127.0.0.1', ++ 'Transfer-Encoding: chunkedchunked', ++ '', ++ '1', ++ 'A', ++ '0', ++ '', ++].join('\r\n'); ++ ++const server = http.createServer(common.mustCall((req, res) => { ++ // Verify that no data is received ++ ++ req.on('data', common.mustNotCall()); ++ ++ req.on('end', common.mustNotCall(() => { ++ res.writeHead(200, { 'Content-Type': 'text/plain' }); ++ res.end(); ++ })); ++}, 1)); ++ ++server.listen(0, common.mustCall(() => { ++ const client = net.connect(server.address().port, 'localhost'); ++ ++ let response = ''; ++ ++ client.on('data', common.mustCall((chunk) => { ++ response += chunk.toString('utf-8'); ++ })); ++ ++ client.setEncoding('utf8'); ++ client.on('error', common.mustNotCall()); ++ client.on('end', common.mustCall(() => { ++ assert.strictEqual( ++ response, ++ 'HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n' ++ ); ++ server.close(); ++ })); ++ client.write(msg); ++ client.resume(); ++})); +--- nodejs-12.22.12~dfsg/test/parallel/test-http-transfer-encoding-smuggling.js ++++ nodejs-12.22.12~dfsg/test/parallel/test-http-transfer-encoding-smuggling.js +@@ -1,46 +1,89 @@ + 'use strict'; + + const common = require('../common'); +- + const assert = require('assert'); ++ + const http = require('http'); + const net = require('net'); + +-const msg = [ +- 'POST / HTTP/1.1', +- 'Host: 127.0.0.1', +- 'Transfer-Encoding: chunked', +- 'Transfer-Encoding: chunked-false', +- 'Connection: upgrade', +- '', +- '1', +- 'A', +- '0', +- '', +- 'GET /flag HTTP/1.1', +- 'Host: 127.0.0.1', +- '', +- '', +-].join('\r\n'); +- +-// Verify that the server is called only once even with a smuggled request. +- +-const server = http.createServer(common.mustCall((req, res) => { +- res.end(); +-}, 1)); +- +-function send(next) { +- const client = net.connect(server.address().port, 'localhost'); +- client.setEncoding('utf8'); +- client.on('error', common.mustNotCall()); +- client.on('end', next); +- client.write(msg); +- client.resume(); ++{ ++ const msg = [ ++ 'POST / HTTP/1.1', ++ 'Host: 127.0.0.1', ++ 'Transfer-Encoding: chunked', ++ 'Transfer-Encoding: chunked-false', ++ 'Connection: upgrade', ++ '', ++ '1', ++ 'A', ++ '0', ++ '', ++ 'GET /flag HTTP/1.1', ++ 'Host: 127.0.0.1', ++ '', ++ '', ++ ].join('\r\n'); ++ ++ const server = http.createServer(common.mustNotCall((req, res) => { ++ res.end(); ++ }, 1)); ++ ++ server.listen(0, common.mustCall(() => { ++ const client = net.connect(server.address().port, 'localhost'); ++ ++ let response = ''; ++ ++ // Verify that the server listener is never called ++ ++ client.on('data', common.mustCall((chunk) => { ++ response += chunk.toString('utf-8'); ++ })); ++ ++ client.setEncoding('utf8'); ++ client.on('error', common.mustNotCall()); ++ client.on('end', common.mustCall(() => { ++ assert.strictEqual( ++ response, ++ 'HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n' ++ ); ++ server.close(); ++ })); ++ client.write(msg); ++ client.resume(); ++ })); + } + +-server.listen(0, common.mustCall((err) => { +- assert.ifError(err); +- send(common.mustCall(() => { +- server.close(); ++{ ++ const msg = [ ++ 'POST / HTTP/1.1', ++ 'Host: 127.0.0.1', ++ 'Transfer-Encoding: chunked', ++ ' , chunked-false', ++ 'Connection: upgrade', ++ '', ++ '1', ++ 'A', ++ '0', ++ '', ++ 'GET /flag HTTP/1.1', ++ 'Host: 127.0.0.1', ++ '', ++ '', ++ ].join('\r\n'); ++ ++ const server = http.createServer(common.mustCall((request, response) => { ++ assert.notStrictEqual(request.url, '/admin'); ++ response.end('hello world'); ++ }), 1); ++ ++ server.listen(0, common.mustCall(() => { ++ const client = net.connect(server.address().port, 'localhost'); ++ ++ client.on('end', common.mustCall(function() { ++ server.close(); ++ })); ++ ++ client.write(msg); ++ client.resume(); + })); +-})); ++} +--- nodejs-12.22.12~dfsg/test/parallel/test-http-header-overflow.js ++++ nodejs-12.22.12~dfsg/test/parallel/test-http-header-overflow.js +@@ -1,3 +1,5 @@ ++// Flags: --expose-internals ++ + 'use strict'; + const { expectsError, mustCall } = require('../common'); + const assert = require('assert'); +@@ -8,7 +10,7 @@ const CRLF = '\r\n'; + const DUMMY_HEADER_NAME = 'Cookie: '; + const DUMMY_HEADER_VALUE = 'a'.repeat( + // Plus one is to make it 1 byte too big +- maxHeaderSize - DUMMY_HEADER_NAME.length - (2 * CRLF.length) + 1 ++ maxHeaderSize - DUMMY_HEADER_NAME.length + 2 + ); + const PAYLOAD_GET = 'GET /blah HTTP/1.1'; + const PAYLOAD = PAYLOAD_GET + CRLF + +@@ -21,7 +23,7 @@ server.on('connection', mustCall((socket + name: 'Error', + message: 'Parse Error: Header overflow', + code: 'HPE_HEADER_OVERFLOW', +- bytesParsed: maxHeaderSize + PAYLOAD_GET.length, ++ bytesParsed: maxHeaderSize + PAYLOAD_GET.length + (CRLF.length * 2) + 1, + rawPacket: Buffer.from(PAYLOAD) + })); + })); diff --git a/meta-oe/recipes-devtools/nodejs/nodejs_12.22.12.bb b/meta-oe/recipes-devtools/nodejs/nodejs_12.22.12.bb index 70f23de7b..3ededae56 100644 --- a/meta-oe/recipes-devtools/nodejs/nodejs_12.22.12.bb +++ b/meta-oe/recipes-devtools/nodejs/nodejs_12.22.12.bb @@ -25,6 +25,7 @@ SRC_URI = "http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \ file://CVE-2022-32212.patch \ file://CVE-2022-35255.patch \ file://CVE-2022-43548.patch \ + file://CVE-llhttp.patch \ " SRC_URI_append_class-target = " \ file://0002-Using-native-binaries.patch \